问题
I needed capybara-webkit installed which needed the qt libraries, so I went and installed them using homebrew with the following commands
brew update
brew install qt
brew linkapps
I then bundled and all was well with the capybara-webkit. However, my guard is throwing the below warning.
You appear to have an outdated version of libyaml (0.1.4) installed on your system.
Prior to 0.1.6, libyaml is vulnerable to a heap overflow exploit from malicious YAML payloads.
The easiest thing to do right now is probably to update Psych to the latest version and enable
the 'bundled-libyaml' option, which will install a vendored libyaml with the vulnerability patched:
gem install psych -- --enable-bundled-libyaml
Seemed simple enough. However, even after a successful psych installation with the 'bundled-libyaml' option I am still seeing this warning about outdated libyaml. Further, when I check the version of libyaml associated with psyche (ruby -rpsych -e 'p Psych.libyaml_version') it's still 1.4.
Any ideas?
回答1:
Try to:
brew upgrade libyaml
works for me.
回答2:
brew update libyaml
didn't work for me, but
rvm get stable
did.
回答3:
On Ubuntu this worked for me. It reinstalls all rubies so may take a while.
rvm pkg install libyaml
rvm reinstall all --force
Sample run
rvm pkg install libyaml
Beware, 'rvm pkg ...' is deprecated, read about the new autolibs feature: 'rvm help autolibs'.
Checking requirements for ubuntu.
Requirements installation successful.
Fetching yaml-0.1.6.tar.gz to /home/assay/.rvm/archives
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 491k 100 491k 0 0 142k 0 0:00:03 0:00:03 --:--:-- 481k
No checksum for downloaded archive, recording checksum in user configuration.
Extracting yaml to /home/assay/.rvm/src/yaml-0.1.6...
Prepare yaml in /home/assay/.rvm/src/yaml-0.1.6..
Configuring yaml in /home/assay/.rvm/src/yaml-0.1.6..........
Compiling yaml in /home/assay/.rvm/src/yaml-0.1.6...................
Installing yaml to /home/assay/.rvm/usr.......
Please note that it's required to reinstall all rubies:
rvm reinstall all --force
来源:https://stackoverflow.com/questions/22919990/rails-psych-updating-libyaml-from-0-1-4