[SECURITY] Sinatra 0.9.1.1 / 0.9.0.5 security updates released

Ryan Tomayko

Mar 10, 2009, 2:16:31 AM
to sina...@googlegroups.com
Brian Candler reported a major security issue today that affects all
Sinatra 0.9.x release versions. The static file route was vulnerable
to directory traversal exploits, which could allow an attacker to read
files outside of the static files directory. We've released 0.9.0.5
and 0.9.1.1 gems to RubyForge that correct the issue.

All production 0.9.1 deployments should be upgraded to the latest
version immediately:

gem install sinatra

If you're running on 0.9.0 and prefer not to upgrade to 0.9.1, please
install the latest 0.9.0 gem:

gem install sinatra --version 0.9.0.5

For more information, see ticket #177:

http://sinatra.lighthouseapp.com/projects/9779/tickets/177

Thanks,
Ryan
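
The class of bug named in the announcement, directory traversal in a static file route, shown as an added example that is not part of the original message and is not Sinatra's code. The function names, the temporary directory layout and the file names are all hypothetical and constructed for illustration; `URI.decode_www_form_component` stands in for whatever unescaping a framework applies to the request path.

```ruby
require "tmpdir"
require "fileutils"
require "uri"

# Naive lookup: joins the decoded request path onto the static directory and
# accepts any regular file that results, so "../" segments leave the directory.
def naive_static_path(public_dir, request_path)
  path = File.join(public_dir, URI.decode_www_form_component(request_path))
  File.file?(path) ? path : nil
end

# Hardened lookup: canonicalise the candidate and require it to sit strictly
# beneath the static directory before it is treated as servable.
def safe_static_path(public_dir, request_path)
  decoded = URI.decode_www_form_component(request_path)
  return nil if decoded.include?("\0")
  root = File.realpath(public_dir)
  candidate = File.expand_path(File.join(root, decoded))
  # Trailing separator stops "public_old/x" from matching root "public".
  return nil unless candidate.start_with?(root + File::SEPARATOR)
  return nil unless File.file?(candidate)
  # realpath resolves symlinks, so a link pointing outside root is rejected too.
  real = File.realpath(candidate)
  real.start_with?(root + File::SEPARATOR) ? real : nil
rescue ArgumentError
  nil # malformed percent-encoding
end

# Builds a constructed layout (public/app.css next to secret.yml) and reports,
# per request path, whether each lookup would serve a file.
def demo
  Dir.mktmpdir do |tmp|
    tmp = File.realpath(tmp)
    pub = File.join(tmp, "public")
    FileUtils.mkdir_p(pub)
    File.write(File.join(pub, "app.css"), "body{}")
    File.write(File.join(tmp, "secret.yml"), "constructed sample")
    ["/app.css", "/../secret.yml", "/%2e%2e/secret.yml"].map do |req|
      [req, !naive_static_path(pub, req).nil?, !safe_static_path(pub, req).nil?]
    end
  end
end

demo.each { |row| p row } if $PROGRAM_NAME == __FILE__
```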
