From 7065ec58c26803b9fbc99476c09c1599996f4cc1 Mon Sep 17 00:00:00 2001
From: Benjamin Mako Hill
Date: Wed, 9 Jan 2013 11:43:27 -0500
Subject: [PATCH 1/1] fix security issue

---
 config/environment.rb | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/config/environment.rb b/config/environment.rb
index 28ecf9e..802b3b9 100644
--- a/config/environment.rb
+++ b/config/environment.rb
@@ -147,3 +147,8 @@ GeoKit::Geocoders::geocoder_ca = false
 # various geocoders. Make sure you read up on relevant Terms of Use for each
 # geocoder you are going to use.
 GeoKit::Geocoders::provider_order = [:google,:us]
+
+# fix major security vulnerability:
+# https://groups.google.com/forum/#!topic/rubyonrails-security/61bkgvnSGTQ/discussion
+ActionController::Base.param_parsers.delete(Mime::XML)
+
-- 
2.39.5
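Review bot: The added `ActionController::Base.param_parsers.delete(Mime::XML)` at the end of config/environment.rb is a mitigation rather than a fix, and the comment above it ("fix major security vulnerability") does not say what is switched off or when the line can be removed. I would reword the comment to `# Mitigation: disable XML request-parameter parsing (see advisory below); remove once Rails is upgraded to a patched release.` so the line is not mistaken for a permanent fix and the framework upgrade is not forgotten. Removing the parser means an XML request body is no longer turned into params, so it is worth confirming that no API consumer depends on it. If an initializer elsewhere in the app registers the YAML parameter parser, it presumably needs the same treatment, `ActionController::Base.param_parsers.delete(Mime::YAML)`; that cannot be checked from this hunk.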