The Ruby core team has released a security patch for Ruby 1.9.3 and
2.0.0 to fix a security vulnerability that can lead to denial of service
through memory overflows. You can find more information about this
issuehere.
This is what we’ve done
We have updated the deployed version numbers of Ruby 1.9.3 (to 484) and
2.0.0 (to 535)on the system and all new stacks and servers scaled up
since yesterday have the patched version of Ruby installed. All stacks
with Ruby versions without the patch will see a warning on
their [StackScore](https://help.cloud66.com/stack-features/stackscore.html" Link: https://help.cloud66.com/stack-features/stackscore.html") related
to this.
We have also rolled out automatic Ruby update feature to allow you
upgrade your Ruby version when you’re ready. More information
on Upgrading your Ruby and
Rails.
This is what you need todo
Login to your Cloud 66 dashboard and see if you have a StackScore
warning related to this issue. You don’t need to do anything if there is
no warning.
Please note:The warning will not be issued for stacks that are not
successfully deployed. You will see the warning if it is applicable
after your stack is deployed successfully.
If you see a warning, you can use the Deploy with Options menu item
(under the stack deploy icon) and select the Apply Upgrades checkbox and
click on the Deploy button. This will upgrade your Ruby to 1.9.3p484 or
Ruby 2.0.0p353 on all your servers and redeploy your stack normally
afterwards.
Important Note:
Please make sure your code works with these Ruby versions. Also please
note that this action will deploy your latest code to your stack.
As always, if you need any help or support please let us know using
support@cloud66.com or the usual Support
link on your dashboard.