27 Jan '13, 3am

Top Ruby Article: XML-YAML-parsing security fix for older versions of rails:

Earlier I mentioned the Serious Rails vulnerability that affects all versions of Rails for the last six years. A fix has been put into the latest versions of Rails 2 and 3, but it requires you to upgrade to the latest version. If you have an older version of Rails and can't upgrade for various reasons (e.g. we are still stuck on v2.3.2 due to some legacy code), there's a better fix for the *link* XML parsing error than the workarounds on offer (which tend to switch off your ability to parse XML).

The fix that we've done requires that you use Bundler, though you could equally well freeze Rails into vendor/gems and make the same patch there. We chose the Bundler/GitHub approach because it reduces the size of our repository.

Step 1: fork a copy of Rails for yourself. Fork rails, git clone it into a local directory, and check out the *tag* that corresponds with the version you are on ...

Full article: http://rubyglasses.blogspot.com/2013/01/xml-yaml-parsing-...

Tweets

Vulnerability in JSON Parser in Ruby on Rails 3...

groups.google.com 28 Jan '13, 9pm

Some Versions of Ruby on Rails Vulnerable to Ne...

threatpost.com 29 Jan '13, 6pm

A vulnerability exists in Ruby on Rails’ JavaScript Object Notation (JSON) code that could open the Web framework up to a ...

Ruby off the Rails: What The Rails Security Iss...

metafilter.com 02 Feb '13, 1am

What The Rails Security Issue Means For Your Startup summarizes the impact of recent arbitrary-code-execution security vul...

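【電】 Beware of the "Ruby on Rails" vulnerability as exploit code circulates - NTTデータ先端技...

security-next.com 25 Jan '13, 2am

Beware of the "Ruby on Rails" vulnerability as exploit code circulates - verified by NTTデータ先端技術. Regarding the issue in which a vulnerability allowing arbitrary code execution was found in the "Action Pack" of "Ruby on Rails", NTTデータ先端技術, update...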

Ruby on Rails receives the third security patch...

news.techworld.com 30 Jan '13, 9am

Developers of the Ruby on Rails web development framework have released versions 3.0.20 and 2.3.16 of the software in orde...

Ruby on Rails receives the third security patch in less than a month

Ruby on Rails receives the third security patch...

pcworld.com 29 Jan '13, 9pm

Developers of the Ruby on Rails Web development framework released versions 3.0.20 and 2.3.16 of the software on Monday in...

security

kalzumeus.com 31 Jan '13, 3pm

Many Rails developers have not reacted to this news with the alacrity they should have. (See next question.) These applica...

Come learn Ruby on Rails with me and @withloudh...

skillshare.com 30 Jan '13, 7pm

Avi Flombaum will be a TA for this course, the main material will be lectured by Robert Whitney, a Flatiron Professor Robe...

Ettusais Quick Fix Powder

retailtherapy.onsugar.com 27 Jan '13, 12pm

This entry features the famous Ettusais Quick Fix Powder - I was introduced to it a while back by my girlfriends who all r...

Ruby on Rails receives its third security patch...

infoworld.com 29 Jan '13, 7pm

Developers of the Ruby on Rails Web development framework released versions 3.0.20 and 2.3.16 of the software on Monday in...

Parse + Write to XML compliant files Ruby SAX b...

freelancer.com 01 Feb '13, 9am

Project Description: To write some Ruby code which parses an existing XML file with the format TMX into JSON which writes ...

Ruby on Rails receives third security patch in ...

computerworld.com 30 Jan '13, 9am

IDG News Service - Developers of the Ruby on Rails Web development framework released versions 3.0.20 and 2.3.16 of the so...

Ruby on Rails receives the third security patch...

networkworld.com 30 Jan '13, 1pm

IDG News Service - Developers of the Ruby on Rails Web development framework released versions 3.0.20 and 2.3.16 of the so...