31 Jan '13, 3pm

security

Many Rails developers have not reacted to this news with the alacrity they should have. (See next question.) These applications may be compromised already. There are many Rails applications which were created years ago, which are not under active development any more, for whom no-one is responsible for applying security patches. Any of these applications which are publicly routable on the Internet will be compromised. There are many Rails applications which are installed by end users, some of whom do not have security expertise. For example, Redmine — an open source developer productivity tool — is commonly installed at individual companies. Every publicly accessible Redmine instance which is not patched will be compromised. Ruby on Rails lacks a CMS with the mindshare of, say, WordPress, which is good, because every unpatched Ruby on Rails CMS delivered to a non-techni...

Full article: http://www.kalzumeus.com/2013/01/31/what-the-rails-securi...

Tweets

Ruby off the Rails: What The Rails Security Iss...

metafilter.com 02 Feb '13, 1am

What The Rails Security Issue Means For Your Startup summarizes the impact of recent arbitrary-code-execution security vul...

Ruby on Rails receives the third security patch...

news.techworld.com 30 Jan '13, 9am

Developers of the Ruby on Rails web development framework have released versions 3.0.20 and 2.3.16 of the software in orde...

Ruby on Rails receives the third security patch...

networkworld.com 30 Jan '13, 1pm

IDG News Service - Developers of the Ruby on Rails Web development framework released versions 3.0.20 and 2.3.16 of the so...

#toronto Ruby on rails receives the third secur...

news.techworld.com 30 Jan '13, 11am

Developers of the Ruby on Rails web development framework have released versions 3.0.20 and 2.3.16 of the software in orde...

Ruby on Rails receives third security patch in ...

computerworld.com 30 Jan '13, 9am

IDG News Service - Developers of the Ruby on Rails Web development framework released versions 3.0.20 and 2.3.16 of the so...

Want to work on application security for @engineyard? Hit me up!

Want to work on application security for @engin...

engineyard.com 02 Feb '13, 1am

Engine Yard, Inc. Products Products Compare Products Engine Yard Cloud Engine Yard Managed Engine Yard Local Orchestra PHP...

Django: 16 vulnerabilities. DoS, XSS, CSRF. Rai...

cvedetails.com 30 Jan '13, 9pm

active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and ...

Not many new libraries or code but a ton of gre...

rubyweekly.com 31 Jan '13, 3pm

RubyGems.org Compromised I wouldn't normally link to a Hacker News discussion but it's a great source of information. Basi...

Ruby on Rails receives its third security patch...

infoworld.com 29 Jan '13, 7pm

Developers of the Ruby on Rails Web development framework released versions 3.0.20 and 2.3.16 of the software on Monday in...

Ruby on Rails receives the third security patch in less than a month

Ruby on Rails receives the third security patch...

pcworld.com 29 Jan '13, 9pm

Developers of the Ruby on Rails Web development framework released versions 3.0.20 and 2.3.16 of the software on Monday in...

#UK [contract] Ruby on Rails Developer at ✔ #jobs

contractjob.net 04 Feb '13, 11am

Spargonet Consulting, an IT Services Organisation with 35 years pedigree, is currently working with a major brand within g...

Ruby on Rails Patched Again - eSecurity Planet

esecurityplanet.com 31 Jan '13, 10pm

For the third time this month, the developers of Ruby on Rails have released an update to patch a serious vulnerability. "...

Some Versions of Ruby on Rails Vulnerable to Ne...

threatpost.com 29 Jan '13, 6pm

A vulnerability exists in Ruby on Rails’ JavaScript Object Notation (JSON) code that could open the Web framework up to a ...

We are hiring Senior Ruby on Rails: Job Respons...

sysgen.com.ph 31 Jan '13, 2am

Must have a working knowledge of software design patterns, a clear understanding of web and system security issues and des...

Open Source Project Management App With Ruby on Rails – SprintApp

Open Source Project Management App With Ruby on...

feed2need.com 31 Jan '13, 10am

SprintApp is a professional project management service that also shares its full code as open source. Full post: Open Sour...