Installing rails_admin causes a SafeYAML warning

Time: 2014-04-23 22:44:22

Tags: ruby-on-rails rails-admin libyaml

After the 'bundle install' command, it seems that some old version of libyaml is being used (see below). Following the instructions doesn't work, because rails_admin is an engine (I guess). Any idea how to fix this?

SafeYAML Warning
  ----------------

  You appear to have an outdated version of libyaml (0.1.5) installed on your system.

  Prior to 0.1.6, libyaml is vulnerable to a heap overflow exploit from malicious YAML payloads.

  For more info, see:
  https://www.ruby-lang.org/en/news/2014/03/29/heap-overflow-in-yaml-uri-escape-parsing-cve-2014-2525/

  The easiest thing to do right now is probably to update Psych to the latest version and enable
  the 'bundled-libyaml' option, which will install a vendored libyaml with the vulnerability patched:

  gem install psych -- --enable-bundled-libyaml

1 answer:

Answer 0: (score: 3)

Just 3 steps:

  1. Tell bundler to install psych with a specific build parameter

    bundle config build.psych --enable-bundled-libyaml

  2. Specify a newer version of the psych gem in the Gemfile (Ruby 2.0+ ships with psych 2.0.0)

    gem "psych", "~> 2.0.5"

  3. Run bundler
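After the three steps above, the thing worth confirming is that the Psych actually loaded by the interpreter links against a libyaml at or above 0.1.6, the version the SafeYAML warning asks for. The check below is an added example, not code from the question, the answer or the rails_admin project. It reads the real psych constants Psych::VERSION and Psych::LIBYAML_VERSION (the runtime libyaml version string exposed by the psych extension); the helper names libyaml_patched? and libyaml_report are my own, and the 0.1.6 threshold comes from the warning text.

```ruby
# Added example (not from the original question or answer): verify that the
# Psych loaded by this Ruby links against a libyaml >= 0.1.6, the minimum the
# SafeYAML warning quoted above asks for.
require 'rubygems' # Gem::Version, for a correct numeric version comparison
require 'psych'

# Minimum libyaml version named in the SafeYAML warning.
MIN_SAFE_LIBYAML = '0.1.6'.freeze

# Pure comparison so it can be exercised without depending on the host's libyaml.
# Returns true when version_string (e.g. "0.1.5") is at or above the minimum;
# a malformed version string is treated as "not proven safe".
def libyaml_patched?(version_string, minimum = MIN_SAFE_LIBYAML)
  Gem::Version.new(version_string) >= Gem::Version.new(minimum)
rescue ArgumentError
  false
end

# Reports on the libyaml the running interpreter's Psych is linked against.
# Psych::LIBYAML_VERSION is guarded with defined? in case a very old psych
# (assumption: older builds may lack it) is what got loaded.
def libyaml_report
  version = defined?(Psych::LIBYAML_VERSION) ? Psych::LIBYAML_VERSION : nil
  {
    psych_version: Psych::VERSION,
    libyaml_version: version,
    patched: version ? libyaml_patched?(version) : false
  }
end

if $PROGRAM_NAME == __FILE__
  report = libyaml_report
  puts "psych #{report[:psych_version]}, libyaml #{report[:libyaml_version] || 'unknown'}"
  if report[:patched]
    puts "OK: libyaml is at or above #{MIN_SAFE_LIBYAML}"
  else
    warn "WARNING: libyaml is older than #{MIN_SAFE_LIBYAML} (or unknown); " \
         'rerun the bundler steps above and make sure the bundled psych is the one loaded'
    exit 1
  end
end
```

Run it with `bundle exec ruby check_libyaml.rb` so that the psych pinned in the Gemfile, not the interpreter's default gem, is the one inspected; a non-zero exit means the vendored libyaml did not take effect.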