最近我开始收到以下警告:
SafeYAML Warning
----------------
You appear to have an outdated version of libyaml (0.1.4) installed on your system.
Prior to 0.1.6, libyaml is vulnerable to a heap overflow exploit from malicious YAML payloads.
For more info, see:
https://www.ruby-lang.org/en/news/2014/03/29/heap-overflow-in-yaml-uri-escape-parsing-cve-2014-2525/
The easiest thing to do right now is probably to update Psych to the latest version and enable
the 'bundled-libyaml' option, which will install a vendored libyaml with the vulnerability patched:
gem install psych -- --enable-bundled-libyaml
我在 Mac OS X 上,运行ruby 2.0.0p451通过RVM安装。
我尝试了以下方法无济于事:
brew upgrade libyaml根据SO/22919990
rvm pkg install libyaml其次是rvm reinstall ruby-2.0.0-p451- SO/9434002
rvm pkg install libyaml其次是-SO rvm reinstall ruby-2.0.0-p451 --with-libyaml-dir=~/.rvm/usr/ 12882190