The recent rails vulnerability

Vít Ondruch vondruch at redhat.com
Thu Jan 10 15:29:11 UTC 2013


On 10.1.2013 16:14, Tejas Dinkar wrote:
> Just in case you guys hadn't heard about it: 
> https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/61bkgvnSGTQ 
>
> This is considered an urgent fix.
>
>

Thank you for the heads-up.

Rawhide was updated to Rails 3.2.11 yesterday and there are already 
updates for F18 [1] and F17 [2].

Unfortunately, there is one incompatibility introduced by these fixes, 
so I am not sure if I should push it into stable.

Working on F16 now, but I am afraid I'm not going to make it today :/ But 
somebody will continue where I end.



Vít



[1] 
https://admin.fedoraproject.org/updates/rubygem-actionpack-3.2.8-2.fc18,rubygem-activerecord-3.2.8-3.fc18,rubygem-activesupport-3.2.8-2.fc18
[2] 
https://admin.fedoraproject.org/updates/rubygem-actionpack-3.0.11-8.fc17,rubygem-activerecord-3.0.11-5.fc17,rubygem-activemodel-3.0.11-2.fc17,rubygem-activesupport-3.0.11-7.fc17
[3] https://github.com/rails/rails/issues/8832

