[LRUG] Serious Vulnerability in all versions of Rails. Upgrade now.

Chris Parsons chris.p at rsons.org
Wed Jan 9 01:09:57 PST 2013


Yep, this one's a biggie. You really need to update all your Rails apps, right away.

It's reasonably easy to create a DoS attack on any Rails app using it: some of the guys on the team I'm working on right now proved it last night, shortly before we patched. It's only marginally less easy to craft writes into your database.

Chris

On 9 Jan 2013, at 06:58, Graham Ashton <graham at effectif.com> wrote:

> That post covers the previous vulnerability. The ones announced last night are new (and more serious), leading to "upgrade immediately" recommendations.
> 
> Mark Burns <markthedeveloper at gmail.com> wrote:
> 
> This gives a useful breakdown of the details
> 
>  http://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts/
> 
> 
> On 9 January 2013 06:20, Matthew Rudy Jacobs <matthewrudyjacobs at gmail.com> wrote:
> I guess you all know.
> 
> But for anyone who hasn't yet heard.
> All versions of Rails need to be upgraded or patched.
> 
> https://groups.google.com/forum/#!topic/rubyonrails-security/61bkgvnSGTQ/discussion
> 
> _______________________________________________
> Chat mailing list
> Chat at lists.lrug.org
> http://lists.lrug.org/listinfo.cgi/chat-lrug.org
> 

--
Chris Parsons
chris.p at rsons.org
http://twitter.com/chrismdp
http://pa.rsons.org
