1
0
Fork 0
mirror of https://github.com/puma/puma.git synced 2022-11-09 13:48:40 -05:00

simplify readme structure

git-svn-id: svn+ssh://rubyforge.org/var/svn/mongrel/trunk@576 19e92222-5c0b-0410-8929-a290d50e31e9
This commit is contained in:
evanweaver 2007-08-22 10:38:43 +00:00
parent 30da2d29a3
commit a6142a11b4

View file

@ -11,22 +11,17 @@ Copyright 2006, 2007 Cloudburst, LLC. Portions copyright 2006 Jeremy Kemper, Jam
Fixes an exploitable bug in CGI multipart parsing which affects Ruby <= 1.8.5. When multipart boundary attributes contain non-halting regular expression strings, the boundary searcher in the CGI module does not properly escape the parameter and will execute arbitrary regular expressions. This fix adds escaping for the user data. Fixes an exploitable bug in CGI multipart parsing which affects Ruby <= 1.8.5. When multipart boundary attributes contain non-halting regular expression strings, the boundary searcher in the CGI module does not properly escape the parameter and will execute arbitrary regular expressions. This fix adds escaping for the user data.
This is fix is cumulative with previous CGI multipart vulnerability fixes; see version 1.0.0 of the gem by Jamis Buck et. al. * Affected application servers: standalone CGI, Mongrel, WEBrick
== Installation
sudo gem install cgi_multipart_eof_fix
== Scope
* Affected: standalone CGI, Mongrel, WEBrick
* Unaffected: FastCGI, Ruby 1.8.6 (all servers) * Unaffected: FastCGI, Ruby 1.8.6 (all servers)
* Unknown: mod_ruby * Unknown: mod_ruby
This library will not modify versions of Ruby greater than 1.8.5. This fix will not modify versions of Ruby greater than 1.8.5, and is cumulative with previous CGI multipart vulnerability fixes.
== Usage == Usage
Install the gem:
sudo gem install cgi_multipart_eof_fix
Run the included test to verify that the patch works as intended. Then, <tt>require</tt> the gem in every affected application, as follows: Run the included test to verify that the patch works as intended. Then, <tt>require</tt> the gem in every affected application, as follows:
require 'rubygems' require 'rubygems'