Rails:Psych，从0.1.4更新libyaml [英] Rails: Psych, Updating libyaml from 0.1.4

问题描述

我需要安装需要qt库的capybara-webkit，所以我使用以下命令使用homebrew安装了它们

I needed capybara-webkit installed which needed the qt libraries, so I went and installed them using homebrew with the following commands

brew update
brew install qt
brew linkapps

然后我将其捆绑在一起，并且使用capybara-webkit一切都很好.但是，我的警卫抛出了以下警告.

I then bundled and all was well with the capybara-webkit. However, my guard is throwing the below warning.

 You appear to have an outdated version of libyaml (0.1.4) installed on your system.

  Prior to 0.1.6, libyaml is vulnerable to a heap overflow exploit from malicious YAML payloads.


  The easiest thing to do right now is probably to update Psych to the latest version and enable
  the 'bundled-libyaml' option, which will install a vendored libyaml with the vulnerability patched:

  gem install psych -- --enable-bundled-libyaml

看起来很简单.但是，即使使用'bundled-libyaml'选项成功安装了心理软件之后，我仍然会看到有关过时的libyaml的警告.此外，当我检查与psyche关联的libyaml版本(ruby -rpsych -e'p Psych.libyaml_version')时，它仍然是1.4.

Seemed simple enough. However, even after a successful psych installation with the 'bundled-libyaml' option I am still seeing this warning about outdated libyaml. Further, when I check the version of libyaml associated with psyche (ruby -rpsych -e 'p Psych.libyaml_version') it's still 1.4.

有什么想法吗?

推荐答案

尝试:

brew upgrade libyaml

为我工作.

这篇关于Rails:Psych，从0.1.4更新libyaml的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！