by kanzure 4905 days ago
Yo dawgs, the mailchimp, aws-sdk, jenkins and twilio gems use HTTParty, which uses multi_xml. You should look into this.
6 comments

I appreciate this comment more than I have words. Dawg.
Or reference HTTParty from git, which has been fixed, in your Gemfile:

https://github.com/jnunemaker/httparty/commit/53a812426dd321...

Correction: Although this might not have much to do with multi_xml if that security risk isn't mitigated.

YAML can still be loaded from XML response bodies, it just doesn't parse response bodies that are pure YAML anymore. Something like <tag type="yaml">yaml here</tag>.
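The comment above describes the remaining hazard: an XML response whose element carries type="yaml" gets its text handed to the YAML loader. The block below is an added illustration, not the HTTParty commit or the multi_xml fix discussed in the thread, of the defensive shape such a type-cast step should take: only an explicit allowlist of "type" attributes is honoured, and anything else (type="yaml" included) stays an inert string. It uses the REXML library that ships with Ruby; the SAFE_CASTS table, the function names and the sample response body are all constructed for the example.

```ruby
# Added example (not multi_xml's or HTTParty's code): cast XML leaf values
# only through an allowlist of "type" attributes. Anything else, including
# type="yaml", is returned as a plain String and never reaches YAML.load.
require "rexml/document"
require "date"

# Converters for the attribute values we are willing to honour. Each is a
# pure function from the element text to a Ruby value (constructed list).
SAFE_CASTS = {
  "integer" => ->(s) { Integer(s, 10) },
  "float"   => ->(s) { Float(s) },
  "boolean" => ->(s) { %w[true 1].include?(s.strip.downcase) },
  "date"    => ->(s) { Date.parse(s) },
  "string"  => ->(s) { s },
}.freeze

# Convert one leaf element. Unknown types fall through to String, so a
# type="yaml" element is data, not code, for the rest of the application.
def cast_leaf(element)
  text = element.text.to_s
  caster = SAFE_CASTS[element.attributes["type"]]
  caster ? caster.call(text) : text
end

# Walk an REXML element and return a Hash of its children, casting leaves
# through cast_leaf. Nested elements recurse into nested Hashes.
def safe_xml_to_hash(element)
  return cast_leaf(element) unless element.has_elements?
  element.elements.to_a.each_with_object({}) do |child, acc|
    acc[child.name] = safe_xml_to_hash(child)
  end
end

def parse_xml_body(body)
  safe_xml_to_hash(REXML::Document.new(body).root)
end

# Constructed sample response body. The last element uses the type="yaml"
# shape the thread describes; with this parser it stays inert text.
SAMPLE_BODY = <<~XML
  <response>
    <count type="integer">3</count>
    <active type="boolean">true</active>
    <payload type="yaml">--- !ruby/object:Object {}</payload>
  </response>
XML

if $PROGRAM_NAME == __FILE__
  p parse_xml_body(SAMPLE_BODY)
end
```

The design point is the direction of the check: the parser decides which conversions are allowed rather than asking the response which loader to run, so adding a new unsafe type on the server side cannot change client behaviour.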
Actually paperclip doesn't rely on HTTParty, but def check out your Gemfile.lock anyway -- it's a pretty common library dependency.

    > Actually paperclip doesn't rely on HTTParty
I thought it uses aws-sdk? Looks like it doesn't. Huh..

https://github.com/aws/aws-sdk-ruby/blob/master/Gemfile#L17

It's like ActiveRecord, where it comes with an adapter for several backends, but in order to use a backend you need to install a library gem which is not a dependency of ActiveRecord.
Quick clarification: The multi_xml gem has _not_ been updated, so there is nothing to upgrade, correct? Just the monkey-patch fix?
Oh hmm, I guess that's a good thing to point out. Yes, the multi_xml gem has not been upgraded, and the listed dependencies for httparty and mailchimp haven't changed either.
A new gem release is in the works and should be pushed tomorrow. In the meantime, you can use this workaround.
MultiXML version 0.5.2 is now released.
Though the 'twilio' gem does use HTTParty, 'twilio-ruby' doesn't. So just make sure to check your Gemspec.lock.
Also bugsnag.
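Several comments above amount to "check your Gemfile.lock": multi_xml is usually pulled in transitively (through HTTParty, which aws-sdk, mailchimp, bugsnag and others depend on), so a grep for the gem name alone misses the question of which top-level gems are the reason it is there. The script below is an added example, not code from the thread or from any of the gems named, that parses the specs section of a Gemfile.lock, lists every gem whose dependency chain reaches multi_xml, and compares the locked multi_xml version against the 0.5.2 release announced in the thread. The sample lockfile, its version numbers and its dependency edges are constructed for the demo and are not a record of real gem metadata.

```ruby
# Added example (not from the thread or any gem it names): find every gem in a
# Gemfile.lock whose dependency chain leads to multi_xml, and flag a locked
# multi_xml older than the 0.5.2 release mentioned in the thread.

FIXED_MULTI_XML = Gem::Version.new("0.5.2")

# Parse the "specs:" block into { name => [version, [dependency names]] }.
# In a Gemfile.lock, gem lines are indented 4 spaces and their dependency
# lines 6 spaces; the block ends at the next top-level section header.
def parse_lockfile_specs(text)
  specs = {}
  current = nil
  in_specs = false
  text.each_line do |raw|
    line = raw.chomp
    if line =~ /\A\s+specs:\z/
      in_specs = true
      next
    end
    in_specs = false if line =~ /\A\S/   # PLATFORMS, DEPENDENCIES, ...
    next unless in_specs
    if (m = line.match(/\A    (\S+) \(([^)]+)\)\z/))
      current = m[1]
      specs[current] = [m[2], []]
    elsif current && (m = line.match(/\A      (\S+)/))
      specs[current][1] << m[1]
    end
  end
  specs
end

# Depth-first search over the dependency graph; `seen` guards against cycles.
def depends_on?(specs, gem, target, seen = {})
  return true if gem == target
  return false if seen[gem]
  seen[gem] = true
  deps = specs.fetch(gem, [nil, []])[1]
  deps.any? { |d| depends_on?(specs, d, target, seen) }
end

# Every locked gem (other than the target itself) that transitively pulls
# in the target, sorted for stable output.
def affected_gems(text, target = "multi_xml")
  specs = parse_lockfile_specs(text)
  specs.keys.select { |g| g != target && depends_on?(specs, g, target) }.sort
end

def locked_version(text, gem)
  entry = parse_lockfile_specs(text)[gem]
  entry && Gem::Version.new(entry[0])
end

def multi_xml_outdated?(text)
  v = locked_version(text, "multi_xml")
  !v.nil? && v < FIXED_MULTI_XML
end

# Constructed sample lockfile: versions and edges are invented for the demo.
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      aws-sdk (1.8.0)
        httparty (~> 0.9)
      bugsnag (1.2.0)
        httparty (>= 0.6)
      httparty (0.9.0)
        multi_json (~> 1.0)
        multi_xml (>= 0.5.1)
      multi_json (1.5.0)
      multi_xml (0.5.1)
      twilio-ruby (3.9.0)
        builder (>= 2.1.2)
      builder (3.1.4)

  PLATFORMS
    ruby

  DEPENDENCIES
    aws-sdk
    bugsnag
    twilio-ruby
LOCK

if $PROGRAM_NAME == __FILE__
  text = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_LOCKFILE
  puts "gems reaching multi_xml: #{affected_gems(text).join(', ')}"
  puts "locked multi_xml: #{locked_version(text, 'multi_xml')} " \
       "(#{multi_xml_outdated?(text) ? 'older than' : 'at or above'} #{FIXED_MULTI_XML})"
end
```

Run it with a path to a real Gemfile.lock as the first argument; without one it uses the constructed sample. The useful output is the list of top-level gems, since those are the entries whose dependency declarations (or pinned versions) decide whether a bundle update actually picks up the fixed multi_xml.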