The latest versions, 3.2.11, 3.1.10, 3.0.19, and 2.3.15, have been updated with "two extremely critical security fixes" and should be applied immediately, according to a post on RubyonRails.org Jan. 8. The "multiple weaknesses" in the parameter parsing code for Ruby on Rails allow atta...
“The Ruby on Rails SQL injection flaw highlighted in CVE-2012-5664 is a non-issue for most organizations and application developers,” Moore told SecurityWeek. “The injection case is only possible when developers go out of their way to process user input in a non-standard way or have ...
In the case of the RoR vulnerabilities, a well-hardened system would have saved the day for most RoR web applications. Many applications don’t use XML serialization at all. Of those that do use it, only a minority are actually using the YAML serialization format. Therefore, the vast ...