43 Folders


“What’s 43 Folders?”
43Folders.com is Merlin Mann’s website about finding the time and attention to do your best creative work.

New Ruby on Rails Security Problem

If you're using Tracks or any other Ruby on Rails app, there's a new critical vulnerability. The upgrade is mandatory and should be applied IMMEDIATELY.

From SANS:

Quote:
A new version of Ruby on Rails (a very popular framework for developing database-backed web applications) has been released which patches a critical security vulnerability.

The details about the vulnerability have not been disclosed yet, but the authors urge everyone to patch as soon as possible: "This is a MANDATORY upgrade for anyone not running on a very recent edge".

Unfortunately, they didn't specify what this "very recent edge" exactly is, so you can't say if you are vulnerable or not. We can confirm, though, that all older versions (0.13, 0.14, 1.0 and 1.1.x) are vulnerable.

The new version (1.1.5) is supposed to be completely compatible with 1.1.4, however we would recommend that you check the original post about this available at http://weblog.rubyonrails.com/.

The new version can be downloaded from http://rubyforge.org/frs/?group_id=307.

Justin (Security Wonk and lapsed but trying GTD'r)


TOPICS: GNU/Linux
