08 Jan '13, 8pm

Anyone using Rails in production should upgrade immediately to Rails 3.2.11 (remote code exec, not the Jan 2nd issue)

Hi everybody. I'd like to announce that 3.2.11, 3.1.10, 3.0.19, and 2.3.15 have been released. These releases contain two **extremely critical security fixes** so please update **IMMEDIATELY**. You can read about the security fixes by following these links:

* [CVE-2013-0155](https://groups.google.com/group/rubyonrails-securi...)
* [CVE-2013-0156](https://groups.google.com/group/rubyonrails-securi...)

In order to ease upgrading, the only major changes in each gem are the security fixes. To see the detailed changes for each version, follow the links below:

* [Changes in 3.2.11](https://github.com/rails/rails/compare/v3.2.10...v3.2.11)
* [Changes in 3.1.10](https://github.com/rails/rails/compare/v3.1.9...v3.1.10)
* [Changes in 3.0.19](https://github.com/rails/rails/compare/v3.0.18...v3.0.19)
* [Changes in 2.3.15](https://github.com/rails/rails/compare/v2.3.14...v2.3.15)

...

Full article: http://www.ruby-forum.com/topic/4409650

Tweets

Rails

weblog.rubyonrails.org 08 Jan '13, 8pm

I'd like to announce that 3.2.11, 3.1.10, 3.0.19, and 2.3.15 have been released. These releases contain two extremely crit...

Ruby on Rails 3.2.11 released to address 2 "ext...

news.softpedia.com 09 Jan '13, 10am

Less than one week has passed since Ruby on Rails 3.2.10 was released to address an SQL Injection vulnerability. However, ...

Ruby 2.0.0-rc1 was released

ruby-forum.com 07 Jan '13, 4pm

Japanese follows; Hello all -- We are pleased to announce the release of Ruby 2.0.0-rc1, the first rele...

Critical Ruby on Rails flaws fixed, upgrade imm...

net-security.org 09 Jan '13, 2pm

For the second week in a row since the start of the new year, users of open source web application framework Ruby on Rails...

Exploit Code for Ruby on Rails Flaw Likely on t...

threatpost.com 09 Jan '13, 4pm

The vulnerabilities patched Tuesday in the Ruby on Rails Web framework have security researchers warning of the potential ...

Ruby on Rails patches more critical vulnerabili...

infoworld.com 09 Jan '13, 12pm

Those using the Ruby on Rails Web application framework on their websites are being advised to update the software immedia...

Ruby on Rails Releases 'Extremely Critical' Sec...

securityweek.com 09 Jan '13, 6pm

The latest versions, 3.2.11, 3.1.10, 3.0.19, and 2.3.15 have been updated with "two extremely critical security fixes" and...

Ruby on Rails has a Remote Code Execution bug, should...

blognone.com 09 Jan '13, 3am

A bug in Ruby on Rails, which uses the XML parameter module to receive parameter values in XML posts, is causing websites that run Ruby on Rail...

Ruby on Rails vulnerable to six year old flaw

zdnet.com 09 Jan '13, 1am

A critical vulnerability has been discovered in Ruby on Rails that affects almost every version of the framework. A contri...

Extremely critical Ruby on Rails bug threatens ...

arstechnica.com 09 Jan '13, 12am

Hundreds of thousands of websites are potentially at risk following the discovery of an extremely critical vulnerability i...

Are you running Rails? Have you upgraded? If not, stop, upgrade IMMEDIATELY.

techweekeurope.co.uk 09 Jan '13, 4pm

A significant flaw on the Ruby on Rails web development framework might have put thousands of websites at risk of being ha...

Critical vulnerability in Ruby on Rails paramet...

h-online.com 09 Jan '13, 11am

The developers of Ruby on Rails are calling on users to update their Rails installations as soon as possible, following th...

New flaw in Ruby on Rails:

infosecurity-magazine.com 09 Jan '13, 1pm

Earlier today the Internet Storm Center (ISC) reported, “A SQL Injection Flaw (CVE-2012-5664) was announced last week (Ja...

A very serious flaw in Ruby On Rails

mac4ever.com 09 Jan '13, 10am

The Ruby On Rails framework has been hit by a fairly serious flaw, endangering hundreds of thousands of sites and s...