[LRUG] Serious Vulnerability in all versions of Rails. Upgrade now.
Matthew Rudy Jacobs
matthewrudyjacobs at gmail.com
Tue Jan 8 13:34:38 PST 2013
Steve Klabnik suggests in addition we check for any gems doing a
`YAML.load` from user input.
https://twitter.com/steveklabnik/status/288745291765657601
On 8 January 2013 21:20, Matthew Rudy Jacobs <matthewrudyjacobs at gmail.com>wrote:
> I guess you all know.
>
> But for anyone who hasn't yet heard.
> All versions of rails need to be upgraded or patched.
>
>
> https://groups.google.com/forum/#!topic/rubyonrails-security/61bkgvnSGTQ/discussion
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.lrug.org/pipermail/chat-lrug.org/attachments/20130108/145b6073/attachment-0003.html>
More information about the Chat
mailing list