WebApp Sec mailing list archives
RE: [WEB SECURITY] Ruby On Rails 1.1.5 Released to Address Critical Vulnerability
From: "Caleb Sima" <Caleb.Sima () spidynamics com>
Date: Thu, 10 Aug 2006 10:27:49 -0400
Exploit detail for the issue is being talked about in the ruby forums http://www.ruby-forum.com/topic/76671 -----Original Message----- From: bugtraq () cgisecurity net [mailto:bugtraq () cgisecurity net] Sent: Wednesday, August 09, 2006 9:33 PM To: websecurity () webappsec org; webappsec () securityfocus com Subject: [WEB SECURITY] Ruby On Rails 1.1.5 Released to Address Critical Vulnerability
From their blog
"We're still hard at work on Rails 1.2, which features all the new dandy REST stuff and more, but a serious security concern has come to our attention that needed to be addressed sooner than the release of 1.2 would allow. So here's Rails 1.1.5! This is a MANDATORY upgrade for anyone not running on a very recent edge (which isn't affected by this). If you have a public Rails site, you MUST upgrade to Rails 1.1.5. The security issue is severe and you do not want to be caught unpatched. The issue is in fact of such a criticality that we're not going to dig into the specifics. No need to arm would-be assalients." Blog URL: http://weblog.rubyonrails.com/ - Robert http://www.cgisecurity.com/ Website Security, and Application Security News http://www.cgisecurity.com/index.rss [RSS news Feed] ------------------------------------------------------------------------ ---- The Web Security Mailing List: http://www.webappsec.org/lists/websecurity/ The Web Security Mailing List Archives: http://www.webappsec.org/lists/websecurity/archive/ http://www.webappsec.org/rss/websecurity.rss [RSS Feed] ------------------------------------------------------------------------- Sponsored by: Watchfire Watchfire was recently named the worldwide market leader in Web application security assessment tools by both Gartner and IDC. Download a free trial of AppScan today and see why more customers choose AppScan then any other solution. Try it today! https://www.watchfire.com/securearea/appscancamp.aspx?id=701500000008VnB --------------------------------------------------------------------------
Current thread:
- Ruby On Rails 1.1.5 Released to Address Critical Vulnerability bugtraq (Aug 09)
- RE: [WEB SECURITY] Ruby On Rails 1.1.5 Released to Address Critical Vulnerability Caleb Sima (Aug 10)
- RE: Ruby On Rails 1.1.5 Released to Address Critical Vulnerability James Pujals (Aug 10)