Mark, that's from the previous vulnerability, which for several reasons was minor.<div><br></div><div><b>This new vulnerability is about as serious as it gets. SQL Injection, Code Execution, etc. are all possible on any Rails app, and well within the skills of <i>any</i> script kiddie.</b></div>

<div><br></div><div>You want to upgrade or mitigate this as soon as you possibly can.</div><div><br><div class="gmail_quote">On Wed, Jan 9, 2013 at 1:45 AM, Mark Burns <span dir="ltr"><<a href="mailto:markthedeveloper@gmail.com" target="_blank">markthedeveloper@gmail.com</a>></span> wrote:<br>

<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">This gives a useful breakdown of the details<div><br></div><div> <a href="http://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts/" target="_blank">http://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts/</a>
</div></div><div class="gmail_extra"><br><br><div class="gmail_quote"><div><div class="h5">On 9 January 2013 06:20, Matthew Rudy Jacobs <span dir="ltr"><<a href="mailto:matthewrudyjacobs@gmail.com" target="_blank">matthewrudyjacobs@gmail.com</a>></span> wrote:<br>



</div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="h5"><div dir="ltr">I guess you all know.<div><br></div><div>But for anyone who hasn't yet heard.</div>

<div>All versions of Rails need to be upgraded or patched.</div>

<div><br></div><div><a href="https://groups.google.com/forum/#!topic/rubyonrails-security/61bkgvnSGTQ/discussion" style="font-family:arial,sans-serif;font-size:13px" target="_blank">https://groups.google.com/forum/#!topic/rubyonrails-security/61bkgvnSGTQ/discussion</a><br>





</div></div>
<br></div></div>_______________________________________________<br>
Chat mailing list<br>
<a href="mailto:Chat@lists.lrug.org" target="_blank">Chat@lists.lrug.org</a><br>
<a href="http://lists.lrug.org/listinfo.cgi/chat-lrug.org" target="_blank">http://lists.lrug.org/listinfo.cgi/chat-lrug.org</a><br>
<br></blockquote></div><br></div>
<br></blockquote></div><br></div>