Ruby on Rails 1.2.6
81 views
Skip to first unread message
Michael Koziarski
Nov 24, 2007, 5:16:29 PM11/24/07
to rubyonrail...@googlegroups.com
The rails core team has released ruby on rails 1.2.6 to address a bug
in the fix for session fixation attacks(CVE-2007-5380). The CVE
Identifier for this new issue is CVE-2007-6077.
in the fix for session fixation attacks(CVE-2007-5380). The CVE
Identifier for this new issue is CVE-2007-6077.
You should upgrade to this new release if you do not take specific
session-fixation counter measures in your application. 1.2.6 also
fixes some regressions when working with has_many associations on
unsaved ActiveRecord objects.
As with other 1.2.x releases, this is intended as a drop in upgrade
for users of earlier versions in the 1.2 series.
--
Cheers
Koz
Reply all
Reply to author
Forward
0 new messages