Hello Rubyists,

I got this notice from Heroku, but I figured others should know as
well. This is separate from the Devise vulnerability and the earlier
Rails vulnerability.

Gist: if your app is on 3.1.x or 3.2.x, you shouldn't be affected.
Otherwise, upgrade as soon as possible.

> ACTION REQUIRED: Rails Security Vulnerability
>
> Today a serious security vulnerability [CVE-2013-0333] has been found in the Ruby on Rails framework. This exploit affects applications running Rails 3.0.x and 2.3.x and a patch has been made available. This is a different vulnerability than the one announced on Jan 11th.
https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/1h2DR63ViGo
Ben
--
http://www.benjaminoakes.com/
http://www.twitter.com/benjaminoakes