Re: Extremely critical Ruby on Rails bug

From: Justin Coyne <justin_at_nyob>
Date: Wed, 9 Jan 2013 11:14:54 -0600
To: CODE4LIB_at_LISTSERV.ND.EDU
Patrick, that is not the same vulnerability. That one was fixed by 3.2.10;
the latest vulnerability is fixed by 3.2.11. The more recent vulnerability
is far more serious and can result in arbitrary code execution.

Regards,
Justin Coyne
Data Curation Experts



On Wed, Jan 9, 2013 at 11:06 AM, Patrick Berry <pberry_at_gmail.com> wrote:

> The Phusion folks did a nice summary write-up.
>
> http://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts/#.UOX7xfhdeHG
>
> On Wed, Jan 9, 2013 at 6:27 AM, Ian Walls <iwalls_at_library.umass.edu>
> wrote:
>
> > Folks,
> >
> > I know a lot of you are running Ruby on Rails for various projects; just
> > wanted to be sure you saw this critical security issue with all versions
> > of Rails:
> >
> > http://arstechnica.com/security/2013/01/extremely-crtical-ruby-on-rails-bug-threatens-more-than-200000-sites/
> >
> > In short, the following versions are safe: 3.2.11, 3.1.10, 3.0.19, or
> > 2.3.15
> >
> > Cheers,
> >
> > -Ian Walls
> >
> > Web Services and Emerging Technologies Librarian
> >
> > UMass Amherst Libraries
> >
>
Received on Wed Jan 09 2013 - 12:15:38 EST
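As an added example (not part of the thread or of any Rails project code), the following Ruby script turns the "safe versions" list from Ian Walls's message into an audit of a Gemfile.lock: it reads the locked rails version, maps it to its release series, and reports whether it is at or above the patched release for that series (3.2.11, 3.1.10, 3.0.19, 2.3.15). The Gemfile.lock text embedded below is constructed for the demonstration; the function and constant names are the example's own. A series not on the list is reported as unknown rather than assumed safe.

```ruby
# Added example: audit a Gemfile.lock against the patched Rails releases named
# in the thread. Not code from the thread or from Rails itself.
require "rubygems"  # for Gem::Version (loaded by default on modern Ruby)

# Minimum patched release per affected series, as listed in Ian Walls's message.
SAFE_MINIMUM = {
  [3, 2] => Gem::Version.new("3.2.11"),
  [3, 1] => Gem::Version.new("3.1.10"),
  [3, 0] => Gem::Version.new("3.0.19"),
  [2, 3] => Gem::Version.new("2.3.15"),
}.freeze

# Constructed sample Gemfile.lock (not from any real project) pinning a
# pre-patch 3.2.x release.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      actionpack (3.2.9)
      rails (3.2.9)
        actionpack (= 3.2.9)
      railties (3.2.9)

  PLATFORMS
    ruby

  DEPENDENCIES
    rails (= 3.2.9)
LOCK

# Return the locked version of +gem_name+ from Gemfile.lock text, or nil.
# In the "specs:" section a resolved gem is listed with exactly four spaces
# of indent, e.g. "    rails (3.2.9)"; dependency lines beneath it are
# indented further and use "(= x.y.z)", so they do not match.
def locked_version(lockfile_text, gem_name = "rails")
  lockfile_text.each_line do |line|
    if (m = line.match(/\A\s{4}#{Regexp.escape(gem_name)} \(([^)]+)\)\s*\z/))
      return Gem::Version.new(m[1])
    end
  end
  nil
end

# Classify a Rails version against the series table:
#   :patched        - at or above the listed fix for its series
#   :vulnerable     - below the listed fix for its series
#   :unknown_series - series not covered by the list (do not assume safe)
def classify(version)
  series = version.segments[0, 2]
  min = SAFE_MINIMUM[series]
  return :unknown_series unless min
  version >= min ? :patched : :vulnerable
end

# Audit one Gemfile.lock and return a small result hash.
def audit_lockfile(lockfile_text)
  v = locked_version(lockfile_text)
  return { version: nil, status: :no_rails } unless v
  { version: v.to_s, status: classify(v) }
end

if $PROGRAM_NAME == __FILE__
  text = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_LOCK
  result = audit_lockfile(text)
  puts "rails #{result[:version] || '(not locked)'}: #{result[:status]}"
end
```

Run it with a path to a project's Gemfile.lock to audit that project, or with no arguments to see the constructed sample reported as vulnerable. Comparing with Gem::Version rather than string comparison matters here: "3.2.9" sorts after "3.2.11" as a string but before it as a version.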