Rails Security Vulnerability

1 view
Skip to first unread message

Benjamin Oakes

unread,
Jan 29, 2013, 9:38:35 AM1/29/13
to newhaven.rb
Hello Rubyists,

I got this notice from Heroku, but I figured others should know as
well. This is separate from the Devise vulnerability and the earlier
Rails vulnerability.

Gist: if your app is on 3.1.x or 3.2.x, you shouldn't be affected.
Otherwise, upgrade as soon as possible.

> ACTION REQUIRED: Rails Security Vulnerability
>
> Today a serious security vulnerability [CVE-2013-0333] has been found in the Ruby on Rails framework. This exploit affects applications running Rails 3.0.x and 2.3.x and a patch has been made available. This is a different vulnerability than the one announced on Jan 11th.

https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/1h2DR63ViGo

Ben

--
http://www.benjaminoakes.com/
http://www.twitter.com/benjaminoakes

Dan Bernier

unread,
Jan 29, 2013, 10:21:46 AM1/29/13
to newha...@googlegroups.com
Thanks for sending that on! I saw it, but thought it was the same problem from earlier. =/



--
You received this message because you are subscribed to the Google Groups "newhaven.rb" group.
To unsubscribe from this group and stop receiving emails from it, send an email to newhavenrb+...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.





--
twitter @danbernier
http://wordcram.org | http://newhavenrb.org

Diego Scataglini

unread,
Jan 29, 2013, 10:24:35 AM1/29/13
to newha...@googlegroups.com
This is BS. Screw it, I am switching back to guava!
On Tue, Jan 29, 2013 at 9:38 AM, Benjamin Oakes <b...@benjaminoakes.com> wrote:
Reply all
Reply to author
Forward
0 new messages