oss-sec mailing list archives
Re: [CVE-2013-4491] Reflective XSS Vulnerability in Ruby on Rails
From: Solar Designer <solar () openwall com>
Date: Sun, 22 Dec 2013 14:34:07 +0400
Hi all,

On Sun, Dec 22, 2013 at 01:29:58AM -0800, nick () firedev com wrote:
> I am trying to upgrade but the suggested error handler doesn't work.

...

Are these followup postings still on topic for oss-security, or should this possibly be discussed elsewhere and, if necessary and when ready, summarized for/on oss-security as well (e.g., in the form of a revised security advisory)? I am not sure, and as a co-moderator I am wondering if/when we should start rejecting messages in this thread that are CC'ed to oss-security by non-subscribers. I'd appreciate advice.

This is actually part of a more generic issue: whenever an upstream project posts a security advisory CC'ed to that project's list(s) and to oss-security, we often end up getting followup postings by users of the project's software who are not into security and thus comment on non-security aspects. This is sometimes fine and maybe even desirable, but sometimes it gets too far off topic for oss-security, and it's often difficult for moderators to decide when to start rejecting.

A better approach may be for upstream projects to be sending such announcements to their lists and to oss-security separately, not by CC'ing. (I actually asked OpenStack to start doing that a while ago, and I guess they're doing it that way now.)

Alexander