WebApp Sec mailing list archives

RE: [WEB SECURITY] Ruby On Rails 1.1.5 Released to Address Critical Vulnerability
From: "Caleb Sima" <Caleb.Sima () spidynamics com>
Date: Thu, 10 Aug 2006 10:27:49 -0400

Exploit detail for the issue is being talked about in the Ruby forums.


-----Original Message-----
From: bugtraq () cgisecurity net [mailto:bugtraq () cgisecurity net] 
Sent: Wednesday, August 09, 2006 9:33 PM
To: websecurity () webappsec org; webappsec () securityfocus com
Subject: [WEB SECURITY] Ruby On Rails 1.1.5 Released to Address Critical

From their blog

"We're still hard at work on Rails 1.2, which features all the new dandy
REST stuff and more, but a serious security concern has come to our
attention that needed to be addressed sooner than the release of 1.2
would allow. So here's Rails 1.1.5!

This is a MANDATORY upgrade for anyone not running on a very recent edge
(which isn't affected by this). 
If you have a public Rails site, you MUST upgrade to Rails 1.1.5. The
security issue is severe and you do not want to be caught unpatched.

The issue is in fact of such a criticality that we're not going to dig
into the specifics. No need to arm would-be assailants."

Blog URL: http://weblog.rubyonrails.com/

- Robert
http://www.cgisecurity.com/ Website Security, and Application Security
News http://www.cgisecurity.com/index.rss [RSS news Feed]
