Rails Security Vulnerability

[Mr Jaba]

Morning all, 

Some of you may have seen last night that a rather critical security issue was revealed in all versions of Rails, I won't explain all the details here the following links give more information:

http://www.insinuator.net/2013/01/rails-yaml/

https://groups.google.com/forum/#!topic/rubyonrails-security/61bkgvnSGTQ/discussion

Suffice to say it's a very serious issue allowing arbitrary code execution, SQL injection, the works. The Rails core team are advising everyone to upgrade *immediately* to new versions of Rails which are: 3.2.11, 3.1.10, 3.0.19, 2.3.15 

There are some workarounds listed in the discussion above as well if you can't immediately upgrade. 

Tom