Project

General

Profile

Using Redmine 2.1.x with Rails 3.2.11

Added by Torben Hansen almost 12 years ago

Rails has two extremely critical security fixes (CVE-2013-0155 and CVE-2013-0156), we have updated rails to version 3.2.11

Since Redmine 2.1.x uses Rails 3.2.8, we have updated the Gemfile and Gemfile.lock to use Rails 3.2.11 (just searched for 3.2.8 and replaced it with 3.2.11)

Is this is the correct way to tell Redmine to use Rails 3.2.11?

Or is there a stable version of Redmine, which already runs stable on Rails 3.2.11?

Best regards
Torben


Replies (2)

RE: Using Redmine 2.1.x with Rails 3.2.11 - Added by Etienne Massip almost 12 years ago

Torben Hansen wrote:

Rails has two extremely critical security fixes (CVE-2013-0155 and CVE-2013-0156), we have updated rails to version 3.2.11

Since Redmine 2.1.x uses Rails 3.2.8, we have updated the Gemfile and Gemfile.lock to use Rails 3.2.11 (just searched for 3.2.8 and replaced it with 3.2.11)

That's not the way to update a bundle: first update your Gemfile as you did then run bundle install, this will generate a new Gemfile.lock.

Is this is the correct way to tell Redmine to use Rails 3.2.11?

That's a slightly risky way since your Redmine version has not been tested against this specific Rails version.

Upgrading from Rails 3.2.8 to 3.2.11 is unlikely to break anything but still it happens sometimes; migrating to an more recent Redmine release using Rails 3.2.11 as a dependency is a better option if you can allow it.

Or is there a stable version of Redmine, which already runs stable on Rails 3.2.11?

Not yet but 2.2.1 is going to be released very soon and will require Rails 3.2.11.

RE: Using Redmine 2.1.x with Rails 3.2.11 - Added by Torben Hansen almost 12 years ago

Thank you for your reply. Actually redmine 2.1.x was running well with Rails 3.2.11, but I´ll changed everything back to be sure nothing breaks unexpectly. Looking forward to upgrade to 2.2.1

    (1-2/2)