14 Jan '13, 5am

Ruby on Rails security updates address SQL injection flaw #infosec

January 03, 2013 — IDG News Service — The developers of Ruby on Rails, a popular Web application development framework for the Ruby programming language, released versions 3.2.10, 3.1.9, and 3.0.18 of the software on Wednesday in order to patch a serious SQL injection vulnerability. "These releases contain an important security fix," the Rails development team said in a blog post . "It is recommended that all users upgrade immediately." The vulnerability is located in the framework's Active Record database query interface and allows potential attackers to inject arbitrary SQL (Structured Query Language) statements. SQL injection vulnerabilities are commonly exploited by attackers to extract information from databases. The Rails developers apologized for releasing a security update so close to the holidays, but said that they were forced to rush out a patch because the vuln...

Full article: http://www.csoonline.com/article/725387/ruby-on-rails-sec...

Tweets

Ruby on Rails security updates address SQL inje...

csoonline.com 13 Jan '13, 12am

January 03, 2013 — IDG News Service — The developers of Ruby on Rails, a popular Web application development framework for...

SQL Injection Flaw in Ruby on Rails, (Wed, Jan ...

isc.sans.edu 09 Jan '13, 2am

A SQL Injection Flaw (CVE-2012-5664) was announced last week (Jan 2) in Ruby on Rails, but I think we missed reporting on ...

Ruby on Rails security updates address SQL inje...

networkworld.com 03 Jan '13, 7pm

IDG News Service - The developers of Ruby on Rails, a popular Web application development framework for the Ruby programmi...

Ruby on Rails security updates address SQL inje...

infoworld.com 03 Jan '13, 2pm

The developers of Ruby on Rails, a popular Web application development framework for the Ruby programming language, releas...

Ruby on Rails security updates address SQL inje...

csoonline.com 04 Jan '13, 3pm

January 03, 2013 — IDG News Service — The developers of Ruby on Rails, a popular Web application development framework for...

Ruby on Rails updates address SQL injection fla...

computerworld.com 03 Jan '13, 3pm

IDG News Service - The developers of Ruby on Rails, a popular open source Web application development framework for the Ru...

Ruby on Rails security updates address SQL inje...

news.techworld.com 03 Jan '13, 3pm

Ruby on Rails developers have released versions 3.2.10, 3.1.9, and 3.0.18 of the popular web application development frame...

Ruby On Rails SQL Injection Flaw Has Serious Re...

it.slashdot.org 09 Jan '13, 4pm

This one is quite a serious flaw, and the data this website in question deals with is very important data (citizen IDs), s...

New flaw in Ruby on Rails:

New flaw in Ruby on Rails:

infosecurity-magazine.com 09 Jan '13, 1pm

Earlier today the Internet Storm Center (ISC) reported , “A SQL Injection Flaw (CVE-2012-5664) was announced last week (Ja...

Ruby on Rails 3.2.11 released to address 2 "ext...

news.softpedia.com 09 Jan '13, 10am

Less than one week has passed since Ruby on Rails 3.2.10 was released to address an SQL Injection vulnerability. However, ...

Exploit Code for Ruby on Rails Flaw Likely on t...

threatpost.com 09 Jan '13, 4pm

The vulnerabilities patched Tuesday in the Ruby on Rails Web framework have security researchers warning of the potential ...

SQL Injection Flaw Haunts All Ruby on Rails Ver...

threatpost.com 03 Jan '13, 3pm

All of the current versions of the Ruby on Rails Web framework have a SQL injection vulnerability that could allow an atta...

Update Ruby now before it goes off the Rails #I...

csoonline.com 12 Jan '13, 10pm

January 11, 2013 — PC World — Do you use Ruby on Rails? If so, it's time to update. Now. Ruby on Rails is an open source W...

SQL Injection Flaw Haunts All Ruby on Rails Ver...

threatpost.com 03 Jan '13, 3pm

All of the current versions of the Ruby on Rails Web framework have a SQL injection vulnerability that could allow an atta...

Ruby on Rails derails 240,000 sites with enormo...

theregister.co.uk 10 Jan '13, 3pm

Popular programming framework Ruby on Rails is affected by two critical security vulnerabilities - one allowing anyone to ...