[WEB SECURITY] Ruby On Rails 1.1.5 Released to Address Critical Vulnerability

bugtraq at cgisecurity.net
Wed Aug 9 21:33:17 EDT 2006


From their blog

"We're still hard at work on Rails 1.2, which features all the new dandy REST stuff and more, but a 
serious security concern has come to our attention that needed to be addressed sooner than the release 
of 1.2 would allow. So here's Rails 1.1.5!

This is a MANDATORY upgrade for anyone not running on a very recent edge (which isn't affected by this). 
If you have a public Rails site, you MUST upgrade to Rails 1.1.5. The security issue is severe and you do 
not want to be caught unpatched.

The issue is in fact of such a criticality that we're not going to dig into the specifics. No need to 
arm would-be assailants."

Blog URL: http://weblog.rubyonrails.com/

- Robert
http://www.cgisecurity.com/ Website Security, and Application Security News
http://www.cgisecurity.com/index.rss [RSS news Feed]

----------------------------------------------------------------------------
The Web Security Mailing List: 
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]


