defvol closed 10 years ago
Detecting if you’re vulnerable
$ heroku run "ruby -v" -a APPNAME
If your patch version is less than what’s listed above (e.g., 1.9.2p320), you’re vulnerable.
Upgrading
To upgrade, you’ll need to push a new commit to your app, which will cause a deploy. If you don’t want to push any actual changes, this commit can be empty:
$ git commit --allow-empty -m "upgrade ruby version"
$ git push heroku master
https://www.ruby-lang.org/en/news/2013/11/22/heap-overflow-in-floating-point-parsing-cve-2013-4164/
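The patch-level check described above can be scripted so it runs the same way across many apps. This is an added example, not part of the original issue or of Heroku's tooling: the function name `ruby_patch_status`, the `MIN_PATCH_SAMPLE` table and its threshold values are constructed placeholders, and the real minimum patch levels must be copied from the advisory.

```shell
#!/usr/bin/env bash
# Added example: classify `ruby -v` output against per-series minimum patch levels.
# CONSTRUCTED placeholder table ("series=minimum-fixed-patchlevel").
# Replace the values with the ones listed in the advisory before relying on it.
MIN_PATCH_SAMPLE="1.9.2=321"

# ruby_patch_status "<ruby -v output>" "<series=minpatch ...>"
# Prints one of: vulnerable | patched | unknown
ruby_patch_status() {
  local banner=$1 table=$2 ver series patch entry min
  # `heroku run` may print status lines before the banner, so scan every line
  # for the first one shaped like "ruby X.Y.ZpNNN ...". Preview/dev builds and
  # other runtimes do not match and are reported as unknown, never as patched.
  ver=$(printf '%s\n' "$banner" |
    sed -n 's/^ruby \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\)p\([0-9][0-9]*\).*/\1 \2/p' |
    head -n 1)
  if [ -z "$ver" ]; then
    echo unknown
    return 0
  fi
  series=${ver% *}   # e.g. 1.9.2
  patch=${ver#* }    # e.g. 320
  for entry in $table; do
    if [ "${entry%%=*}" = "$series" ]; then
      min=${entry#*=}
      if [ "$patch" -lt "$min" ]; then
        echo vulnerable
      else
        echo patched
      fi
      return 0
    fi
  done
  # Series not present in the table: do not guess.
  echo unknown
}

# Typical use (APPNAME as in the commands above):
#   ruby_patch_status "$(heroku run "ruby -v" -a APPNAME)" "$MIN_PATCH_SAMPLE"
```

Treat `unknown` as a prompt for manual review rather than as a pass, since it covers both unparseable output and release series missing from the table.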