Upgrade redmine installation?

Since the recent critical security issues with Rails and the subsequent releases to fix them, how can I most easily upgrade my redmine installation to avoid it becoming compromised?

As I understand it, I only need to upgrade rails. But that doesn't seem to be straightforward:

[cgk@web186 redmine]$ which gem
~/webapps/redmine/bin/gem
[cgk@web186 redmine]$ gem update rails
Updating installed gems
Nothing to update
[cgk@web186 redmine]$ gem list

*** LOCAL GEMS ***

bundler (1.2.3)
daemon_controller (0.2.6)
edavis10-object_daddy (0.4.3)
fastthread (1.0.7)
i18n (0.4.2)
metaclass (0.0.1)
mocha (0.10.3)
mysql (2.8.1)
passenger (3.0.9)
rack (1.3.2, 1.1.0)
rake (10.0.3, 0.9.2)
rdoc (2.4.2)
rubygems-update (1.8.24, 1.5.3)
shoulda (2.10.3)
sqlite3 (1.3.5)
sqlite3-ruby (1.3.3)
svn2git (2.1.2)

I'm relatively sure that I installed redmine by using webfaction's automated installer, and it's a Rails app, but where does Rails come from? Is it using some system-wide Rails install which has already been patched? (I can't tell because there's no rails command in my path)

If it is using some local and hence still vulnerable version of Rails, how do I go about upgrading it?

redmine rails

asked 09 Feb '13, 22:15

cgk
11●1●3
accept rate: 0%

edited 09 Feb '13, 22:15

Rails is not system-wide; it's installed into your application and each separate rails or redmine application will have its own independent rails. That means you do want to upgrade.

Our standard Rails one-click installers are now fully updated, and we're currently working on upgrading our Redmine installers as well, which we hope to have finished in a few days.

It may be simpler to wait until our new installers are released, and then deploy the redmine content into the newly-installed redmine app. Rails has a lot of dependencies; upgrading it in-place is possible, but you will need to spend time tracing all of the dependencies.

(09 Feb '13, 23:46) ryans ♦♦

Is there some way I can be notified when the updated redmine installers are available?

(11 Feb '13, 18:01) cgk

@cgk The new Redmine installer is now available.

(11 Feb '13, 21:36) waynek

Be the first one to answer this question!

toggle preview

community wiki:

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

*italic* or _italic_
**bold** or __bold__
link:[text](http://url.com/ "title")
image?![alt text](/path/img.jpg "title")
numbered list: 1. Foo 2. Bar
to add a line break simply add two spaces to where you would like the new line to be.
basic HTML tags are also supported

learn more about Markdown

Question tags:

rails ×108
redmine ×46

question asked: 09 Feb '13, 22:15

question was seen: 2,505 times

last updated: 11 Feb '13, 21:36

Upgrade redmine installation?

Follow this question

Related questions