redmine_response.txt

response text - Linus van Geuns, 2016-02-18 17:17

Download (974 Bytes)

 
1
If you are running Redmine on debian-lts (squeeze) by any chance, this issue seems to be caused by a passenger security update from the debian-lts team.
2
In that case you can downgrade package ibapache2-mod-passenger and hold it at the previous version:
3

    
4
<pre>
5
aptitude install libapache2-mod-passenger=2.2.11debian-2
6
aptitude hold libapache2-mod-passenger
7
</pre>
8

    
9
*This obviously removes the security fix to CVE-2015-7519 and you have to remember to "unhold" and update passenger as soon as this issue has been clarified/fixed.*
10

    
11
The update seems to cause the Rails request environent used by <pre>libactionpack-ruby1.8: /usr/lib/ruby/1.8/action_controller/request.rb</pre> to be incomplete.
12
In particular, <pre>@env['REQUEST_URI']</pre> seems to be <pre>nil</pre>.
13
(At least as far as I can tell - not a ruby expert)
14

    
15
Further info on the security update:
16
https://blog.phusion.nl/2015/12/07/cve-2015-7519/
17
https://lists.debian.org/debian-lts-announce/2016/01/msg00018.html
18