On Thu, 5 Aug 2021 at 01:15, Sam Ruby <ru...@intertwingly.net> wrote:
>
> On Wed, Aug 4, 2021 at 7:38 PM sebb <seb...@gmail.com> wrote:
> >
> > On Thu, 5 Aug 2021 at 00:14, Sam Ruby <ru...@intertwingly.net> wrote:
> > >
> > > It looks like sebb disabled security updates on wunderbar, which seems
> > > unwise.
> >
> > Updates were *not* disabled, but updates are no longer automatically
> > installed.
> >
> > This was done because one of the previous updates to Wunderbar broke things.
> >
> > https://lists.apache.org/thread.html/r2d1a2e39bd92390e68efebc5bd53b4594271492468728c1ca45ab895%40%3Cdev.whimsical.apache.org%3E
>
> Once whimsy updated to Ruby 2.7, Ruby safety checks were no longer
> something that could be trusted, and wunderbar was updated to require
> an opt in to retain the old (insecure) behavior.
>
> The version of wunderbar had been pinned before that change, whimsy
> would have had a security issue. If there is a choice between
> availability (up time) and security, we need to prioritize security.
>
> What you have implemented is unwise, and I therefore am now giving my
> -1 to that approach and am requesting that it be reverted.

Is it always wise to update to the most recent version of a Gem?
i.e. does a new release never have a new security issue?

Note that ruby2js is currently pinned - should that be unpinned also?

> - Sam Ruby
>
> > > https://github.com/apache/whimsy/blob/f95c56af00e57ee51582b9a74961983b6dc85e6a/www/secretary/workbench/Gemfile#L19
> > >
> > > - Sam Ruby
> > >
> > > On Wed, Aug 4, 2021 at 5:24 PM Sam Ruby <ru...@intertwingly.net> wrote:
> > > >
> > > > I pushed wunderbar 1.5.0 which should fix the problem. This will be
> > > > picked up the next time puppet runs.
> > > >
> > > > - Sam Ruby
> > > >
> > > > On Wed, Aug 4, 2021 at 2:00 PM Craig Russell <apache....@gmail.com> wrote:
> > > > >
> > > > > Anyone else seeing this on
> > > > > https://whimsy.apache.org/secretary/workbench/ ?
> > > > >
> > > > > Error starting web application
> > > > >
> > > > > The Phusion Passenger application server tried to start the web
> > > > > application. But the application itself (and not Passenger)
> > > > > encountered an internal error.
> > > > >
> > > > > Error details:
> > > > >
> > > > > cannot load such file -- nokogumbo (LoadError)
> > > > > /var/lib/gems/2.7.0/gems/wunderbar-1.4.5/lib/wunderbar/render.rb:9:in `require'
> > > > > /var/lib/gems/2.7.0/gems/wunderbar-1.4.5/lib/wunderbar/render.rb:9:in `<top (required)>'
> > > > > /var/lib/gems/2.7.0/gems/wunderbar-1.4.5/lib/wunderbar/vue.rb:1:in `require'
> > > > > /var/lib/gems/2.7.0/gems/wunderbar-1.4.5/lib/wunderbar/vue.rb:1:in `<top (required)>'
> > > > > /x1/srv/whimsy/www/secretary/workbench/server.rb:7:in `require'
> > > > > /x1/srv/whimsy/www/secretary/workbench/server.rb:7:in `<top (required)>'
> > > > > config.ru:1:in `require'
> > > > > config.ru:1:in `block in <main>'
> > > > > /var/lib/gems/2.7.0/gems/rack-2.2.3/lib/rack/builder.rb:125:in `instance_eval'
> > > > > /var/lib/gems/2.7.0/gems/rack-2.2.3/lib/rack/builder.rb:125:in `initialize'
> > > > > config.ru:1:in `new'
> > > > > config.ru:1:in `<main>'
> > > > > /var/lib/gems/2.7.0/gems/passenger-6.0.5/src/helper-scripts/rack-preloader.rb:101:in `eval'
> > > > > /var/lib/gems/2.7.0/gems/passenger-6.0.5/src/helper-scripts/rack-preloader.rb:101:in `preload_app'
> > > > > /var/lib/gems/2.7.0/gems/passenger-6.0.5/src/helper-scripts/rack-preloader.rb:189:in `block in <module:App>'
> > > > > /var/lib/gems/2.7.0/gems/passenger-6.0.5/src/ruby_supportlib/phusion_passenger/loader_shared_helpers.rb:378:in `run_block_and_record_step_progress'
> > > > > /var/lib/gems/2.7.0/gems/passenger-6.0.5/src/helper-scripts/rack-preloader.rb:188:in `<module:App>'
> > > > > /var/lib/gems/2.7.0/gems/passenger-6.0.5/src/helper-scripts/rack-preloader.rb:30:in `<module:PhusionPassenger>'
> > > > > /var/lib/gems/2.7.0/gems/passenger-6.0.5/src/helper-scripts/rack-preloader.rb:29:in `<main>'
> > > > >
> > > > > The stdout/stderr output of the subprocess so far is:
> > > > >
> > > > > Error: The application encountered the following error: cannot load such file -- nokogumbo (LoadError)
> > > > > /var/lib/gems/2.7.0/gems/wunderbar-1.4.5/lib/wunderbar/render.rb:9:in `require'
> > > > > /var/lib/gems/2.7.0/gems/wunderbar-1.4.5/lib/wunderbar/render.rb:9:in `<top (required)>'
> > > > > /var/lib/gems/2.7.0/gems/wunderbar-1.4.5/lib/wunderbar/vue.rb:1:in `require'
> > > > > /var/lib/gems/2.7.0/gems/wunderbar-1.4.5/lib/wunderbar/vue.rb:1:in `<top (required)>'
> > > > > /x1/srv/whimsy/www/secretary/workbench/server.rb:7:in `require'
> > > > > /x1/srv/whimsy/www/secretary/workbench/server.rb:7:in `<top (required)>'
> > > > > config.ru:1:in `require'
> > > > > config.ru:1:in `block in <main>'
> > > > > /var/lib/gems/2.7.0/gems/rack-2.2.3/lib/rack/builder.rb:125:in `instance_eval'
> > > > > /var/lib/gems/2.7.0/gems/rack-2.2.3/lib/rack/builder.rb:125:in `initialize'
> > > > > config.ru:1:in `new'
> > > > > config.ru:1:in `<main>'
> > > > > /var/lib/gems/2.7.0/gems/passenger-6.0.5/src/helper-scripts/rack-preloader.rb:101:in `eval'
> > > > > /var/lib/gems/2.7.0/gems/passenger-6.0.5/src/helper-scripts/rack-preloader.rb:101:in `preload_app'
> > > > > /var/lib/gems/2.7.0/gems/passenger-6.0.5/src/helper-scripts/rack-preloader.rb:189:in `block in <module:App>'
> > > > > /var/lib/gems/2.7.0/gems/passenger-6.0.5/src/ruby_supportlib/phusion_passenger/loader_shared_helpers.rb:378:in `run_block_and_record_step_progress'
> > > > > /var/lib/gems/2.7.0/gems/passenger-6.0.5/src/helper-scripts/rack-preloader.rb:188:in `<module:App>'
> > > > > /var/lib/gems/2.7.0/gems/passenger-6.0.5/src/helper-scripts/rack-preloader.rb:30:in `<module:PhusionPassenger>'
> > > > > /var/lib/gems/2.7.0/gems/passenger-6.0.5/src/helper-scripts/rack-preloader.rb:29:in `<main>'
> > > > >
> > > > > This website is powered by Phusion Passenger®, the smart application
> > > > > server built by Phusion®.
> > > > >
> > > > > Craig L Russell
> > > > > c...@apache.org
> > > > >
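An added example, not part of the thread and not whimsy's code: a check that reads the version constraints declared in a Gemfile and reports which ones would keep a fixed release from being installed by an unattended update. The Gemfile, the `gem_b`/`gem_c`/`gem_d` names and the helper names are constructed for illustration; only wunderbar 1.4.5 and 1.5.0 are versions named in the thread.

```ruby
require 'rubygems'

GEM_LINE = /^\s*gem\s+['"]([^'"]+)['"]((?:\s*,\s*['"][^'"]+['"])*)/

# Read `gem` declarations with a regex; a Gemfile is Ruby code, so it is
# deliberately not evaluated here. Options such as `require: false` are ignored.
def parse_gemfile(text)
  text.each_line.map do |line|
    m = GEM_LINE.match(line)
    next unless m
    [m[1], Gem::Requirement.new(*m[2].scan(/['"]([^'"]+)['"]/).flatten)]
  end.compact.to_h
end

# How an unattended update treats a declaration.
def policy(req)
  return :floating if req.none?        # no constraint: newest release installs
  req.exact? ? :exact_pin : :bounded   # "= x.y.z" versus a range such as "~> x.y"
end

# Gems whose declared constraint excludes the release that carries a fix.
# fixes: { gem name => first version containing the fix }
def blocked_fixes(gemfile_text, fixes)
  reqs = parse_gemfile(gemfile_text)
  fixes.map do |name, fixed|
    req = reqs[name]
    next if req.nil? || req.satisfied_by?(Gem::Version.new(fixed))
    { gem: name, policy: policy(req), constraint: req.to_s, needs: fixed }
  end.compact
end

# Constructed Gemfile (not whimsy's): one declaration per constraint style.
SAMPLE = <<~GEMFILE
  source 'https://rubygems.org'
  gem 'wunderbar', '1.4.5'
  gem 'gem_b', '~> 1.4.5'
  gem 'gem_c', '~> 1.4', require: false
  gem 'gem_d'
GEMFILE

# Constructed: every gem is assumed to ship its fix in 1.5.0, as wunderbar did.
FIXES = { 'wunderbar' => '1.5.0', 'gem_b' => '1.5.0',
          'gem_c' => '1.5.0', 'gem_d' => '1.5.0' }

blocked_fixes(SAMPLE, FIXES).each { |row| puts row } if __FILE__ == $PROGRAM_NAME
```

The patch-level constraint `~> 1.4.5` blocks the fix just as the exact pin does, because the fix shipped as a minor release; only `~> 1.4` and the unconstrained declaration let it through.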