<div dir="ltr">I don't think I've seen any mention on the list, so I thought it would be worth bringing up. There's a bunch of popular libraries that are affected by the same parameter parsing vulnerability as Rails was recently.<br>
<br><a href="https://gist.github.com/4532291">https://gist.github.com/4532291</a><br><div><br></div><div style>If you have most of your projects grouped in folders you can do this to quickly see if you are vulnerable due to some dependencies (assuming bundler for everything):<br>
<br>ack "crack|httparty|multi_xml|exlib|nori" */Gemfile.lock<br><br></div><div style>That command could maybe be improved by a bash/regex wizard to parse version numbers too, but it was sufficiently time saving for me.</div>
</div>
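An added example, not part of the original post: one way to do the version parsing the message asks for, reporting the resolved version of each listed gem per Gemfile.lock. The function names and the sample lockfile are constructed for illustration, and the script assumes Bundler's lockfile layout, where resolved specs are indented exactly four spaces.

```shell
#!/usr/bin/env bash
# Gem names copied verbatim from the ack pattern in the post.
GEMS='crack|httparty|multi_xml|exlib|nori'

# list_resolved_gems LOCKFILE... (hypothetical helper name)
# Prints "lockfile<TAB>gem<TAB>version" for every resolved spec that matches.
list_resolved_gems() {
  awk -v gems="$GEMS" '
    # Resolved specs look like "    name (version)" at four spaces of indent.
    # Six-space lines are dependency constraints of the spec above; skip them.
    /^    [^ ]/ {
      name = $1
      ver = $2
      gsub(/[()]/, "", ver)
      if (name ~ ("^(" gems ")$") && ver != "")
        printf "%s\t%s\t%s\n", FILENAME, name, ver
    }
  ' "$@"
}

# write_sample_lock PATH: writes a constructed Gemfile.lock (sample data only).
write_sample_lock() {
  cat > "$1" <<'EOF'
GEM
  remote: https://rubygems.org/
  specs:
    crack (0.3.1)
    httparty (0.9.0)
      multi_json (~> 1.0)
      multi_xml
    multi_json (1.5.0)
    multi_xml (0.5.2)

PLATFORMS
  ruby

DEPENDENCIES
  crack
  httparty
EOF
}

# Scan the lockfiles given as arguments, or the constructed sample if none.
if [ "$#" -gt 0 ]; then
  list_resolved_gems "$@"
else
  tmp=$(mktemp -d); write_sample_lock "$tmp/Gemfile.lock"
  list_resolved_gems "$tmp/Gemfile.lock"; rm -rf "$tmp"
fi
```

Run it with `*/Gemfile.lock` as arguments from the folder that holds the projects, then compare the reported versions against each library's own advisory.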