author Eric Wong <normalperson@yhbt.net> 2009-10-16 13:46:18 -0700
committer Eric Wong <normalperson@yhbt.net> 2009-10-16 13:54:57 -0700
commit 580d242fbfe95ea2ce7709f90f25e655bc2d93ac (patch)
tree 19dd8da1e1f3d3d346a042bf0470b9af17b6e914 /unicorn.gemspec
parent 370cb0670d1b1841ae19e871e7aee4fec167d4e8 (diff)
download unicorn-580d242fbfe95ea2ce7709f90f25e655bc2d93ac.tar.gz
In short: upgrade to Rails 2.3.4 (or later)

ref: http://mid.gmane.org/20091014221552.GA30624@dcvr.yhbt.net
Note: the workaround described in the article above only made
the issue more subtle and we didn't notice them immediately.
Diffstat (limited to 'unicorn.gemspec')
-rw-r--r-- unicorn.gemspec 4
1 files changed, 4 insertions, 0 deletions
diff --git a/unicorn.gemspec b/unicorn.gemspec
index c5b4422..063b313 100644
--- a/unicorn.gemspec
+++ b/unicorn.gemspec
@@ -43,6 +43,10 @@ Gem::Specification.new do |s|
 
   s.test_files = test_files
 
+  # for people that are absolutely stuck on Rails 2.3.2 and can't
+  # up/downgrade to any other version, the Rack dependency may be
+  # commented out.  Nevertheless, upgrading to Rails 2.3.4 or later is
+  # *strongly* recommended for security reasons.
   s.add_dependency(%q<rack>)
 
   # s.licenses = %w(GPLv2 Ruby) # licenses= method is not in older Rubygems
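Review bot: the new comment above `s.add_dependency(%q<rack>)` tells users stuck on Rails 2.3.2 that the Rack dependency may be commented out, but it does not say what conflict this avoids or what the "security reasons" are. The commit message carries a ref URL; repeating that reference in the comment would let someone reading only the gemspec find the rationale. Because the dependency is declared without a version constraint, the comment should also say which Rack is expected to be loaded once the line is commented out, so the workaround is not applied blindly.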