Rails Security Vulnerability

[Benjamin Oakes]

Hello Rubyists,

I got this notice from Heroku, but I figured others should know as
well. This is separate from the Devise vulnerability and the earlier
Rails vulnerability.

Gist: if your app is on 3.1.x or 3.2.x, you shouldn't be affected.
Otherwise, upgrade as soon as possible.

> ACTION REQUIRED: Rails Security Vulnerability
>
> Today a serious security vulnerability [CVE-2013-0333] has been found in the Ruby on Rails framework. This exploit affects applications running Rails 3.0.x and 2.3.x and a patch has been made available. This is a different vulnerability than the one announced on Jan 11th.

https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/1h2DR63ViGo

Ben

--
http://www.benjaminoakes.com/
http://www.twitter.com/benjaminoakes

[Dan Bernier]

Thanks for sending that on! I saw it, but thought it was the same problem from earlier. =/

--
You received this message because you are subscribed to the Google Groups "newhaven.rb" group.
To unsubscribe from this group and stop receiving emails from it, send an email to newhavenrb+...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

--
twitter @danbernier
http://wordcram.org | http://newhavenrb.org

[Diego Scataglini]

This is BS. Screw it, I am switching back to guava!

Diego Scataglini
work: http://www.junivi.com
blog: http://www.diegoscataglini.com
twitter: http://twitter.com/_sc
wwr: http://www.workingwithrails.com/person/5269-diego-scataglini
skype: dscataglini
cell. 561-856-5622

On Tue, Jan 29, 2013 at 9:38 AM, Benjamin Oakes <b...@benjaminoakes.com> wrote: