08 Jan '13, 8pm

Rails

I'd like to announce that 3.2.11, 3.1.10, 3.0.19, and 2.3.15 have been released. These releases contain two extremely critical security fixes so please update IMMEDIATELY.

You can read about the security fixes by following these links: CVE-2013-0155, CVE-2013-0156

In order to ease upgrading, the only major changes in each gem are the security fixes. To see the detailed changes for each version, follow the links below: Changes in 3.2.11, Changes in 3.1.10, Changes in 3.0.19, Changes in 2.3.15

Thanks to the people who responsibly reported these security issues.

Here are the SHA-1 checksums for each gem:

3.2.11

[aaron@higgins dist]$ shasum *3.2.11*
933cd2821b30cdff4a2e0b5cc63f4d2c6b29affe actionmailer-3.2.11.gem
54731c51b55bf0215392971b982139775c0bfa2b actionpack-3.2.11.gem
5ccde66568d8051405c01063f1afaed13bd01082 activemodel-3.2.11.gem
f360c17968486479b0a4207e7eccbe379186a9d2 a...

Full article: http://weblog.rubyonrails.org/2013/1/8/Rails-3-2-11-3-1-1...

Tweets

Anyone using Rails in production should upgrade...

ruby-forum.com 08 Jan '13, 8pm

Hi everybody. I'd like to announce that 3.2.11, 3.1.10, 3.0.19, and 2.3.15 have been released. These releases contain two ...

Ruby on Rails 3.2.11 released to address 2 "ext...

news.softpedia.com 09 Jan '13, 10am

Less than one week has passed since Ruby on Rails 3.2.10 was released to address an SQL Injection vulnerability. However, ...

Ruby on Rails vulnerable to six year old flaw

zdnet.com 09 Jan '13, 1am

A critical vulnerability has been discovered in Ruby on Rails that affects almost every version of the framework. A contri...

Ruby on Rails patches more critical vulnerabili...

infoworld.com 09 Jan '13, 12pm

Those using the Ruby on Rails Web application framework on their websites are being advised to update the software immedia...

Extremely critical Ruby on Rails bug threatens ...

arstechnica.com 09 Jan '13, 12am

Hundreds of thousands of websites are potentially at risk following the discovery of an extremely critical vulnerability i...

A very serious flaw in Ruby on Rails

mac4ever.com 09 Jan '13, 10am

The Ruby on Rails framework has been hit by a fairly serious flaw, endangering hundreds of thousands of sites and s...

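Multiple vulnerabilities in "Ruby on Rails", countermeasures urged (JVN) | ScanNetSe...

scan.netsecurity.ne.jp 09 Jan '13, 9am

On January 9, the Information-technology Promotion Agency (IPA) and the JPCERT Coordination Center (JPCERT/CC) said that multiple vulnerabilities exist in "Ruby on Rails", in "Japan Vulnerability Notes (...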

Critical Ruby on Rails flaws fixed, upgrade imm...

net-security.org 09 Jan '13, 2pm

For the second week in a row since the start of the new year, users of open source web application framework Ruby on Rails...

Are you running Rails? Have you upgraded? If not, stop, upgrade IMMEDIATELY.

Are you running Rails? Have you upgraded? If no...

techweekeurope.co.uk 09 Jan '13, 4pm

A significant flaw on the Ruby on Rails web development framework might have put thousands of websites at risk of being ha...

Exploit Code for Ruby on Rails Flaw Likely on t...

threatpost.com 09 Jan '13, 4pm

The vulnerabilities patched Tuesday in the Ruby on Rails Web framework have security researchers warning of the potential ...

Critical vulnerability in Ruby on Rails paramet...

h-online.com 09 Jan '13, 11am

The developers of Ruby on Rails are calling on users to update their Rails installations as soon as possible, following th...

Danger from smuggled-in Ruby on Rails obj...

heise.de 09 Jan '13, 4pm

The developers of Ruby on Rails are calling on users to update their Rails installations as quickly as possible. They are rea...

Ruby on Rails Releases 'Extremely Critical' Sec...

securityweek.com 09 Jan '13, 6pm

The latest versions, 3.2.11, 3.1.10, 3.0.19, and 2.3.15 have been updated with "two extremely critical security fixes" and...

2 urgent updates for Ruby on Rails: Users of the open source Ruby on Rails framework must u...

2 urgent updates for Ruby on Rails: Users...

lemondeinformatique.fr 09 Jan '13, 9am

Users of the open source Ruby on Rails framework must update it without delay following the discovery of flaws...