Ruby on Rails security updates address SQL injection flaw

Ruby on Rails security updates address SQL injection flaw #infosec

January 03, 2013 — IDG News Service — The developers of Ruby on Rails, a popular Web application development framework for the Ruby programming language, released versions 3.2.10, 3.1.9, and 3.0.18 of the software on Wednesday in order to patch a serious SQL injection vulnerability. "These releases contain an important security fix," the Rails development team said in a blog post . "It is recommended that all users upgrade immediately." The vulnerability is located in the framework's Active Record database query interface and allows potential attackers to inject arbitrary SQL (Structured Query Language) statements. SQL injection vulnerabilities are commonly exploited by attackers to extract information from databases. The Rails developers apologized for releasing a security update so close to the holidays, but said that they were forced to rush out a patch because the vuln...

Full article: http://www.csoonline.com/article/725387/ruby-on-rails-sec...