12 Jan '13, 6pm

Rails vulnerabilities are not Rails'

Would it make sense for Rails controllers to accept YAML-encoded parameters? Of course it would. URL-encoded, XML, and JSON are data serialization formats, and so is YAML. Abstracting a bit, the invocation of a Rails controller is nothing but a remote procedure invocation between the front-end and the backend of a web application, between a client and a server (in a client-server architecture), more generally between two distributed modules in your software. The choice of a serialization format is an implementation detail. You take the one that naturally fits. Imagine a client for which YAML naturally fits and you'll ask Rails controllers to take YAML as input.

Full article: http://www.revision-zero.org/rails-vulnerabilities-are-no...

Tweets

Ruby on Rails Vulnerabilities Discovered, Users Urged to Update Immediately

thewhir.com 10 Jan '13, 4pm

A vulnerability discovered on the Ruby on Rails web application framework allows attackers to bypass authentication system...

Read @adamjodonnell's insights on the latest Ru...

blog.sourcefire.com 09 Jan '13, 8pm

A little under 24 hours ago two major, long-standing vulnerabilities were announced in the popular web programming framewo...

Ruby on Rails patches more critical vulnerabili...

infoworld.com 09 Jan '13, 12pm

Those using the Ruby on Rails Web application framework on their websites are being advised to update the software immedia...

Ruby on Rails patches more critical vulnerabilities: Those using the Ruby on Rails web application framework on

news.hitb.org 09 Jan '13, 10am

Those using the Ruby on Rails web application framework on their websites are being advised to update the software immedia...

Java Zero-Day Exploit and Ruby on Rails Vulnera...

blog.trendmicro.com 11 Jan '13, 10pm

Clearly, this is a serious situation and people should take steps to protect themselves as best they can. People running R...

Me at @CSO_Australia: "Nasty Ruby on Rails vuln...

cso.com.au 11 Jan '13, 4am

The revelation of serious long-term vulnerabilities in the popular Ruby on Rails web programming framework is just one of ...

Update Ruby now before it goes off the Rails #I...

csoonline.com 12 Jan '13, 10pm

January 11, 2013 — PC World — Do you use Ruby on Rails? If so, it's time to update. Now. Ruby on Rails is an open source W...

Update Ruby now before it goes off the Rails #ITWorld

itworld.com 11 Jan '13, 9pm

January 11, 2013, 4:20 PM — Do you use Ruby on Rails? If so, it's time to update. Now. Ruby on Rails is an open source Web...

Ruby on Rails 3.2.11 released to address 2 "ext...

news.softpedia.com 09 Jan '13, 10am

Less than one week has passed since Ruby on Rails 3.2.10 was released to address an SQL Injection vulnerability. However, ...

.@appboy patches its servers after Ruby on Rail...

blog.appboy.com 11 Jan '13, 5pm

Earlier this week, a serious advisory was posted to the Ruby on Rails security discussion list. Unknown hacker groups had...

Update Ruby now before it goes off the Rails

pcworld.com 10 Jan '13, 10pm

Do you use Ruby on Rails? If so, it’s time to update. Now. Ruby on Rails is an open source Web application framework built...

Exploit Code, Metasploit Module Out for Ruby on...

threatpost.com 10 Jan '13, 3pm

Just two days after the disclosure of a string of serious vulnerabilities in Ruby on Rails, researchers have released proo...

Multiple vulnerabilities in Ruby on Rails

jvn.jp 09 Jan '13, 3am

US-CERT Vulnerability Note VU#380039 Ruby on Rails contains multiple vulnerabilities in parameter parsing in the Action Pa...

ModSecurity Mitigations for Ruby on Rails XML Exploits

blog.spiderlabs.com 10 Jan '13, 6pm

There is big trouble in Ruby on Rails (RoR) land... The issue is related to XML parsing of YAML document elements or Symbo...
