Home page logo
/

webappsec logo WebApp Sec mailing list archives

RE: [WEB SECURITY] Ruby On Rails 1.1.5 Released to Address Critical Vulnerability
From: "Caleb Sima" <Caleb.Sima () spidynamics com>
Date: Thu, 10 Aug 2006 10:27:49 -0400

Exploit detail for the issue is being talked about in the ruby forums

http://www.ruby-forum.com/topic/76671


-----Original Message-----
From: bugtraq () cgisecurity net [mailto:bugtraq () cgisecurity net] 
Sent: Wednesday, August 09, 2006 9:33 PM
To: websecurity () webappsec org; webappsec () securityfocus com
Subject: [WEB SECURITY] Ruby On Rails 1.1.5 Released to Address Critical
Vulnerability

From their blog

"We're still hard at work on Rails 1.2, which features all the new dandy
REST stuff and more, but a serious security concern has come to our
attention that needed to be addressed sooner than the release of 1.2
would allow. So here's Rails 1.1.5!

This is a MANDATORY upgrade for anyone not running on a very recent edge
(which isn't affected by this). 
If you have a public Rails site, you MUST upgrade to Rails 1.1.5. The
security issue is severe and you do not want to be caught unpatched.

The issue is in fact of such a criticality that we're not going to dig
into the specifics. No need to arm would-be assalients."

Blog URL: http://weblog.rubyonrails.com/

- Robert
http://www.cgisecurity.com/ Website Security, and Application Security
News http://www.cgisecurity.com/index.rss [RSS news Feed]

------------------------------------------------------------------------
----
The Web Security Mailing List: 
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]


-------------------------------------------------------------------------
Sponsored by: Watchfire

Watchfire was recently named the worldwide market leader in Web
application security assessment tools by both Gartner and IDC.
Download a free trial of AppScan today and see why more customers choose
AppScan then any other solution. Try it today!

https://www.watchfire.com/securearea/appscancamp.aspx?id=701500000008VnB
--------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault