Rails 1.2.5: Closes JSON XSS vulnerability

DHH

Oct 12, 2007, 12:50:53 PM
to Ruby on Rails: Security
This release closes a JSON XSS vulnerability, fixes a couple of minor
regressions introduced in 1.2.4, and backports a handful of features
and fixes from the 2.0 preview release.

All users of Rails 1.2.4 or earlier are advised to upgrade to 1.2.5,
though it isn't strictly necessary if you aren't working with JSON.
For more information on the JSON vulnerability, see CVE-2007-3227.
