Secure your Redmine install by patching Ruby on Rails

How to go about securing your Redmine install on Ruby on Rails

Fairly recently the Ruby on Rails community released some patches to fix some rather serious security problems with Rails. If you haven't patched yet you really, really should.

The only application we had on a public server was our Redmine installation. One of the issues with Redmine is that it can be pretty picky about which versions of Rails it will play with, so I was a little worried about updating it and potentially breaking everything.

If you followed my guide for installing Redmine then you are in luck: patching Rails is incredibly easy. Shut down Redmine and run the following:

gem update

That is it! It updates all the gems installed to the latest versions (in the case of 3.2.x it took me to 3.2.11). Turn Redmine back on and enjoy the project management goodness knowing your Rails setup is nice and patched.
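To confirm the update took, the check below parses `gem list` output and reports any 3.2.x Rails gems still installed below 3.2.11; `gem update` installs new versions alongside the old ones, so both usually show up. This is an added example, not code from the original post: the function names, the list of framework gems checked, and the sample output are assumptions made for illustration.

```ruby
require "rubygems"

# Patched release per series; 3.2.11 is the 3.2.x version named in the post.
PATCHED_FLOOR = { "3.2" => Gem::Version.new("3.2.11") }.freeze
# Assumption: also check the framework gems that share Rails' version number.
RAILS_GEMS = %w[rails actionpack activesupport activerecord].freeze

# Parse one `gem list` line such as "rails (3.2.11, 3.2.8)".
# Returns [name, [Gem::Version, ...]], or nil for headers and blank lines.
def parse_gem_list_line(line)
  m = line.strip.match(/\A(\S+) \((.+)\)\z/)
  return nil unless m
  versions = m[2].split(", ").map do |entry|
    v = entry.sub(/\Adefault: /, "").split(" ").first # drop "default:" and platform
    Gem::Version.new(v) if v && Gem::Version.correct?(v)
  end
  [m[1], versions.compact]
end

# Map each Rails gem to its installed versions that are older than the floor
# for their series. Series without a known floor are not judged.
def unpatched_gems(gem_list_output, names = RAILS_GEMS, floors = PATCHED_FLOOR)
  result = {}
  gem_list_output.each_line do |line|
    name, versions = parse_gem_list_line(line)
    next unless names.include?(name)
    stale = versions.select do |v|
      floor = floors[v.segments.first(2).join(".")]
      floor && v < floor
    end
    result[name] = stale.map(&:to_s) unless stale.empty?
  end
  result
end

# Constructed sample of `gem list` output after running `gem update`.
SAMPLE = <<~OUT
  *** LOCAL GEMS ***

  actionpack (3.2.11, 3.2.8)
  rails (3.2.11, 3.2.8)
  rake (10.0.3)
OUT

p unpatched_gems(SAMPLE)
```

On a real server, pass the live output instead of the sample, for example ``unpatched_gems(`gem list`)``; an empty hash means no older 3.2.x copies remain installed.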

