Last Updated: February 25, 2016
·
1.623K
· fr4nktic

Disable XML Parsing in a Rails 2.0.x App

Since there is no update to fix the paramater parsing vulnerability in Rails 2.0.x and you are still running a Rails 2.0.x app, XML parsing can be disabled by adding the following to the bottom of your environment.rb file.

ActionController::Base.param_parsers.delete(Mime::XML)

2 Responses
Add your response

Completely disable is not a solution, and you can find a fix here: https://groups.google.com/forum/#!topic/rubyonrails-security/61bkgvnSGTQ/discussion

over 1 year ago ·

Agreed, but there is no official patch for Rails 2.0.x. Disabling XML parsing is only a temporary solution until the entire app can be updated to a version of Rails that is still maintained.

over 1 year ago ·