[ANN] Rails 3.2.10, 3.1.9, and 3.0.18 have been released!

Aaron Patterson

Jan 2, 2013, 4:28:36 PM
to rubyonra...@googlegroups.com, rubyonra...@googlegroups.com, ruby...@ruby-lang.org
Rails versions 3.2.10, 3.1.9, and 3.0.18 have been released. These releases contain an important security fix. It is recommended that **all users upgrade immediately**.

The security identifier is CVE-2012-5664, and you can read about the issue [here](add link).

For other changes in each particular release, please see the CHANGELOG corresponding to that version. For all commits in each release, please follow the links below:

* [Changes in 3.2.10](https://github.com/rails/rails/compare/v3.2.9...v3.2.10)
* [Changes in 3.1.9](https://github.com/rails/rails/compare/v3.1.8...v3.1.9)
* [Changes in 3.0.18](https://github.com/rails/rails/compare/v3.0.17...v3.0.18)

We're sorry to drop a release like this so close to the holidays but regrettably the exploit has already been publicly disclosed and we don't feel we can delay the release.

To that end, we've minimized the number of changes in each release so that upgrading should be as smooth as possible.

Happy Holidays!

<3<3<3

--
Aaron Patterson
http://tenderlovemaking.com/

Aaron Patterson

Jan 2, 2013, 4:35:11 PM
to Aaron Patterson, rubyonra...@googlegroups.com, rubyonra...@googlegroups.com, ruby...@ruby-lang.org
On Wed, Jan 02, 2013 at 01:28:36PM -0800, Aaron Patterson wrote:
> Rails versions 3.2.10, 3.1.9, and 3.0.18 have been released. These releases contain an important security fix. It is recommended that **all users upgrade immediately**.
>
> The security identifier is CVE-2012-5664, and you can read about the issue [here](add link).

Oops! Forgot the CVE link:

https://groups.google.com/group/rubyonrails-security/browse_thread/thread/c2353369fea8c53

Thanks for your patience!

Hongli Lai

Jan 3, 2013, 8:16:39 AM
to rubyonra...@googlegroups.com, rubyonra...@googlegroups.com, ruby...@ruby-lang.org, tende...@ruby-lang.org
This article explains how the vulnerability works, how it is triggered and what the facts are: http://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts/