Heroku Changelog: Rebuilt Rubies with new libyaml for CVE-2013-6393

Change effective on 04 February 2014

Yesterday, there was a security incident, CVE-2013-6393, in libyaml that exposed a heap-based buffer overflow when parsing YAML tags. We’ve recompiled all affected MRI Rubies we support with libyaml 0.1.5, which fixes this issue: 1.9.2, 1.9.3, 2.0.0, 2.1.0. To receive this update, just push to your app:

$ git commit -m "update ruby for CVE-2013-6393" --allow-empty
$ git push heroku master

This is not a patchlevel change; only the vendored libyaml version has been updated.

You can see which version of libyaml your app is using by running:

$ heroku run "ruby -rpsych -e 'p Psych.libyaml_version'" --app sushi
Running `ruby -rpsych -e 'p Psych.libyaml_version'` attached to terminal... up, run.3580
[0, 1, 5]
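
The same check can run as a boot-time or CI guard so that an app still on the old build fails loudly. This is an added example, not Heroku's code; the names `libyaml_patched?`, `assert_libyaml_patched!` and `VulnerableLibyaml` are hypothetical.

```ruby
require 'psych'

# First libyaml release carrying the CVE-2013-6393 fix, per the entry above.
PATCHED_LIBYAML = [0, 1, 5].freeze

# Hypothetical error class raised when the linked libyaml is too old.
class VulnerableLibyaml < StandardError; end

# True when a [major, minor, patch] triple is at or above the patched release.
# Array#<=> compares element by element, so [0, 1, 10] sorts above [0, 1, 5];
# comparing the dotted strings "0.1.10" and "0.1.5" would get this wrong.
def libyaml_patched?(version = Psych.libyaml_version, minimum = PATCHED_LIBYAML)
  unless version.is_a?(Array) && version.size == 3 &&
         version.all? { |n| n.is_a?(Integer) }
    raise ArgumentError, "expected [major, minor, patch], got #{version.inspect}"
  end
  (version <=> minimum) >= 0
end

# Returns the version when it is patched, raises otherwise. This inspects only
# the version number reported by the libyaml that Psych is linked against.
def assert_libyaml_patched!(version = Psych.libyaml_version)
  return version if libyaml_patched?(version)
  raise VulnerableLibyaml,
        "libyaml #{version.join('.')} predates #{PATCHED_LIBYAML.join('.')} " \
        '(CVE-2013-6393); push the app again to pick up the rebuilt Ruby'
end

if __FILE__ == $PROGRAM_NAME
  status = libyaml_patched? ? 'patched' : 'VULNERABLE'
  puts "libyaml #{Psych.libyaml_version.join('.')}: #{status}"
end
```

Calling `assert_libyaml_patched!` from an initializer makes an app that has not been re-pushed stop at boot instead of continuing to parse YAML with the old library.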