Re: Security fix CVE-2012-5664 exists in rails 2.3.15

[Rick]

The original announcement of Rails 3.2.10...  was posted on January 2. The current version is at 3.2.12.  It's quite possible the 2.3 branch has also advanced.
Rick

On Sunday, February 24, 2013 9:47:00 AM UTC-5, Ariel Tal wrote:

Hello,

I was looking to migrate the patch described in this link (https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/DCNTNp_qjFM) to the rails 2.3 branch, but when doing so realized that it's already there.

I couldn't find anything about this in the release notes, I was wondering if the link above might be incomplete? If it's not a mistake, is it possible to add a note about it somewhere?

Thanks,

Ariel

[Ariel Tal]

I was looking for something official that would indicate that.

Thanks,

Ariel

[Frederick Cheung]

The change log for rails 2.3.15 ( https://github.com/rails/rails/compare/v2.3.14...v2.3.15) shows that a fix for cve-2012-5664 was in that version

Fred

[Ariel Tal]

Thank you! Just what I was looking for!

[Walter Lee Davis]

Start here: https://groups.google.com/forum/#!forum/rubyonrails-security

Walter

> --
> You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-ta...@googlegroups.com.
> To post to this group, send email to rubyonra...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msg/rubyonrails-talk/-/tCE5PSKhjBgJ.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>