That post covers the previous vulnerability. The ones announced last night are new (and more serious), leading to "upgrade immediately" recommendations.<br><br>Mark Burns <markthedeveloper@gmail.com> wrote:<br><br><div dir="ltr">This gives a useful breakdown of the details<div><br></div><div> <a href="http://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts/" target="_blank">http://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts/</a>
</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On 9 January 2013 06:20, Matthew Rudy Jacobs <span dir="ltr"><<a href="mailto:matthewrudyjacobs@gmail.com" target="_blank">matthewrudyjacobs@gmail.com</a>></span> wrote:<br>

<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">I guess you all know.<div><br></div><div>But for anyone who hasn't yet heard.</div><div>All versions of rails need to be upgraded or patched.</div>

<div><br></div><div><a href="https://groups.google.com/forum/#!topic/rubyonrails-security/61bkgvnSGTQ/discussion" style="font-family:arial,sans-serif;font-size:13px" target="_blank">https://groups.google.com/forum/#!topic/rubyonrails-security/61bkgvnSGTQ/discussion</a><br>



</div></div>
<br>_______________________________________________<br>
Chat mailing list<br>
<a href="mailto:Chat@lists.lrug.org">Chat@lists.lrug.org</a><br>
<a href="http://lists.lrug.org/listinfo.cgi/chat-lrug.org" target="_blank">http://lists.lrug.org/listinfo.cgi/chat-lrug.org</a><br>
<br></blockquote></div><br></div>