From 580d242fbfe95ea2ce7709f90f25e655bc2d93ac Mon Sep 17 00:00:00 2001 From: Eric Wong Date: Fri, 16 Oct 2009 13:46:18 -0700 Subject: KNOWN_ISSUES: document Rack gem issue w/Rails 2.3.2 In short: upgrade to Rails 2.3.4 (or later) ref: http://mid.gmane.org/20091014221552.GA30624@dcvr.yhbt.net Note: the workaround described in the article above only made the issue more subtle and we didn't notice them immediately. --- KNOWN_ISSUES | 13 +++++++++++++ unicorn.gemspec | 4 ++++ 2 files changed, 17 insertions(+) diff --git a/KNOWN_ISSUES b/KNOWN_ISSUES index 436997d..979ac9d 100644 --- a/KNOWN_ISSUES +++ b/KNOWN_ISSUES @@ -1,5 +1,18 @@ = Known Issues +* Rails 2.3.2 bundles its own version of Rack. This may cause subtle + bugs when simultaneously loaded with the system-wide Rack Rubygem + which Unicorn depends on. Upgrading to Rails 2.3.4 (or later) is + strongly recommended for all Rails 2.3.x users for this (and security + reasons). Rails 2.2.x series (or before) did not bundle Rack and are + should be unnaffected. If there is any reason which forces your + application to use Rails 2.3.2 and you have no other choice, then + you may edit your Unicorn gemspec and remove the Rack dependency. + + ref: http://mid.gmane.org/20091014221552.GA30624@dcvr.yhbt.net + Note: the workaround described in the article above only made + the issue more subtle and we didn't notice them immediately. + * Installing "unicorn" as a system-wide Rubygem and using the {isolate}[http://github.com/jbarnette/isolate] gem may cause issues if you're using any of the bundled application-level libraries in diff --git a/unicorn.gemspec b/unicorn.gemspec index c5b4422..063b313 100644 --- a/unicorn.gemspec +++ b/unicorn.gemspec 
@@ -43,6 +43,10 @@ Gem::Specification.new do |s| s.test_files = test_files + # for people that are absolutely stuck on Rails 2.3.2 and can't + # up/downgrade to any other version, the Rack dependency may be + # commented out. Nevertheless, upgrading to Rails 2.3.4 or later is + # *strongly* recommended for security reasons. s.add_dependency(%q) # s.licenses = %w(GPLv2 Ruby) # licenses= method is not in older Rubygems -- cgit v1.2.3-24-ge0c7
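
Review bot: The new KNOWN_ISSUES entry has wording errors that make the guidance harder to follow. "did not bundle Rack and are should be unnaffected" should read "did not bundle Rack and should be unaffected", and the parenthesis in "for this (and security reasons)" is misplaced; "for this (and for security reasons)" reads correctly. In the trailing note, "made the issue more subtle and we didn't notice them immediately" mixes singular and plural. The entry also recommends upgrading for security reasons without saying which issue in Rails 2.3.2 is meant; a pointer to the relevant Rails announcement would let readers judge urgency. Finally, the last sentence tells users they may remove the Rack dependency from the gemspec, but the note right below it says the referenced workaround only made the issue more subtle. Say explicitly whether that note applies to the gemspec edit or to a different workaround from the linked article.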
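
Review bot: The comment added above s.add_dependency in unicorn.gemspec permits commenting out the Rack dependency but does not state the consequence or where the background is documented. With the dependency removed, RubyGems no longer ensures the system-wide Rack gem is present, and Unicorn runs against whatever Rack the application loads, which for Rails 2.3.2 is its bundled copy. Suggest adding one line such as "see KNOWN_ISSUES" and stating that this is an unsupported local edit which must be reapplied after each gem upgrade. The phrase "up/downgrade to any other version" is also broader than the KNOWN_ISSUES text, which names Rails 2.3.4 or later and the 2.2.x series as the unaffected options; naming those versions here would keep the two places consistent.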