After the 'bundle install' command, it seems some old version of libyaml is used (see below). Following the instructions doesn't work because rails_admin is an engine (I guess). Any idea how to solve this issue?
SafeYAML Warning
----------------
You appear to have an outdated version of libyaml (0.1.5) installed on your system.
Prior to 0.1.6, libyaml is vulnerable to a heap overflow exploit from malicious YAML payloads.
For more info, see:
https://www.ruby-lang.org/en/news/2014/03/29/heap-overflow-in-yaml-uri-escape-parsing-cve-2014-2525/
The easiest thing to do right now is probably to update Psych to the latest version and enable
the 'bundled-libyaml' option, which will install a vendored libyaml with the vulnerability patched:
gem install psych -- --enable-bundled-libyaml
Just 3 steps:

1. Tell bundler to install psych with specific arguments:

       bundle config build.psych --enable-bundled-libyaml

2. Specify a newer version of psych gem in Gemfile (Ruby 2.0+ is shipped with psych 2.0.0):

       gem "psych", "~> 2.0.5"

3. Run bundler.
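
One way to confirm the steps above took effect is to ask the loaded Psych which libyaml it is linked against and compare it with 0.1.6, the first release the warning names as patched. This is an added example, not part of the original answer; `libyaml_vulnerable?`, `psych_report` and `gate_exit_code` are hypothetical helper names, while `Psych::LIBYAML_VERSION` and `Psych::VERSION` are constants provided by Psych.

```ruby
require "rubygems"
require "psych"

# First libyaml release carrying the CVE-2014-2525 fix, per the SafeYAML warning.
PATCHED_LIBYAML = Gem::Version.new("0.1.6")

# True when the given libyaml version string predates 0.1.6.
# Gem::Version compares numerically, so "0.1.10" is correctly newer than "0.1.6"
# (a plain string comparison would get this wrong).
# Unparseable strings count as vulnerable so a CI gate fails closed.
def libyaml_vulnerable?(version_string)
  text = version_string.to_s
  return true unless Gem::Version.correct?(text)
  Gem::Version.new(text) < PATCHED_LIBYAML
end

# Describes the Psych actually loaded in this process: its version, the
# libyaml it was built against, and whether it came from an activated gem
# (what the Gemfile entry should produce) or from Ruby's standard library.
def psych_report
  spec = Gem.loaded_specs["psych"]
  {
    psych_version: Psych::VERSION,
    libyaml_version: Psych::LIBYAML_VERSION,
    psych_source: spec ? spec.full_gem_path : "ruby stdlib (no psych gem activated)",
    vulnerable: libyaml_vulnerable?(Psych::LIBYAML_VERSION)
  }
end

# Exit status for a CI step: 1 if the linked libyaml is older than 0.1.6.
def gate_exit_code(report = psych_report)
  report[:vulnerable] ? 1 : 0
end
```

Run it under `bundle exec` in the application directory so the report reflects the psych the bundle activates rather than the system one, for example by appending `exit gate_exit_code` to the script.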