在为canvas lms(一个ror框架的开源项目)部署环境,使用阿帕奇服务器启动建立站点时网页报500错误,查看服务器错误日志发现似乎是是gemfile文件语法错误(ruby:3.1.2,bundler:2.3.7,gem:3.3.7,apache:2.4)
内容如下:
[ E 2024-03-17 15:41:33.3261 23718/Tj age/Cor/App/Implementation.cpp:221 ]: Could not spawn process for application /var/canvas: The application encountered the following error:
[!] There was an error parsing `Gemfile`: syntax error, unexpected ',' - active:,
^
/var/canvas/Gemfile:46: syntax error, unexpected `end', expecting end-of-input
. Bundler cannot continue.
# from /var/canvas/Gemfile:40
# -------------------------------------------
# lockfile(lockfile,
> active:,
# parent:,
# -------------------------------------------
(Bundler::Dsl::DSLError)
Error ID: b87f4993
Error details saved to: /tmp/passenger-error-oJGgMB.html
[ E 2024-03-17 15:41:33.3283 23718/T8 age/Cor/Con/CheckoutSession.cpp:283 ]: [Client 1-1] Cannot checkout session because a spawning error occurred. The identifier of the error is b87f4993. Please see earlier logs for details about the error.
[ W 2024-03-17 15:41:42.7692 23705/T1 age/Wat/WatchdogMain.cpp:538 ]: Some Phusion Passenger(R) agent processes did not exit in time, forcefully shutting down all.
[ E 2024-03-17 15:41:43.7405 23718/T5 age/Cor/SecurityUpdateChecker.h:521 ]: A security update is available for your version (6.0.18) of Phusion Passenger(R). We strongly recommend upgrading to version 6.0.20.
[ E 2024-03-17 15:41:43.7406 23718/T5 age/Cor/SecurityUpdateChecker.h:526 ]: Additional security update check information:
- [Fixed in 6.0.19] [CVE-2023-38545] A vulnerability existed in libcurl before 8.4.0 which was the library used for Passenger proxy functionality. Exploiting this vulnerability would require two preconditions. First a SOCKS5 proxy to be configured for Passenger licensing, anonymous telemetry, or security update check which is not the default but is possible. Second the attacker would need to cause Passenger to use an attacker-controlled URL when performing these requests. Causing Passenger to use non-standard urls requires that the attacker already have code execution on the Passenger host, or control of the Passenger config. If exploited this vulnerability could lead to code execution, due to buffer overflow.
求高人指点,不胜感激!
