0
「捆綁安裝」命令後,似乎使用了一些舊版本的libyaml(請參見下文)。遵循指示不起作用,因爲rails_admin是一個引擎(我猜)。任何想法如何解決這個問題?安裝rails_admin會導致SafeYAML警告
SafeYAML Warning
----------------
You appear to have an outdated version of libyaml (0.1.5) installed on your system.
Prior to 0.1.6, libyaml is vulnerable to a heap overflow exploit from malicious YAML payloads.
For more info, see:
https://www.ruby-lang.org/en/news/2014/03/29/heap-overflow-in-yaml-uri-escape-parsing-cve-2014-2525/
The easiest thing to do right now is probably to update Psych to the latest version and enable
the 'bundled-libyaml' option, which will install a vendored libyaml with the vulnerability patched:
gem install psych -- --enable-bundled-libyaml