Re: Rails exploit in multi_xml remote code execution monkeypatch
21 views
Skip to first unread message
Spaceghost
Jan 11, 2013, 4:50:30 AM1/11/13
to rubyonra...@googlegroups.com
After I sobered up, it's actually just anything that ends up using multi_xml.
On Thursday, January 10, 2013 7:28:12 PM UTC-5, Spaceghost wrote:
Sorry for any confusion. :/
~Spaceghost
On Thursday, January 10, 2013 7:28:12 PM UTC-5, Spaceghost wrote:
Our friend the fowlest of ducks put together a nice monkeypatch for us to require after multi_xml is required.This affects any rails project, any project using activesupport, possibly more.https://gist.github.com/d7f6d9f4925f413621aaYou probably won't need help with applying it, but here's an update on a proper fix. Should be in by Saturday perhaps.I'm also going to take this chance to be that guy and say retweet this if you can. https://twitter.com/fowlduck/status/289514566558310401~Spaceghost
Reply all
Reply to author
Forward
0 new messages