12 Feb '13, 4pm

More Rails security fixes released: Two bugs in Rails and a bug in the JSON gem expose Ruby on Rails application...

The Ruby on Rails developers have released updates to Rails 3.2, 3.1 and 2.3 and made users aware of an update to the JSON gem to close an important security flaw. The most notable of the problems is CVE-2013-0277, another problem with serialised attributes in YAML. The flaw, which only affects Rails 2.3 and 3.0, can be exploited so that a crafted request would deserialise arbitrary YAML inside the server, with the risk of denial of service or remote code execution. The Rails developers have released a fix for Rails 2.3, version 2.3.17, but there will be no fix for Rails 3.0, in line with the maintenance policy. The advisory contains patches for various versions of Rails for use where users cannot upgrade easily. The JSON gem problem, CVE-2013-0269, allows certain JSON documents, when being parsed, to create Ruby symbols. Symbols are not garbage collected and can be used for a denial of ...

Full article: http://www.h-online.com/security/news/item/More-Rails-sec...

Tweets

More Rails security fixes released: Two bugs in...

h-online.com 12 Feb '13, 4pm

The Ruby on Rails Developers have released updates to Rails 3.2, 3.1 and 2.3 and made users aware of an update to the JSON...

Ruby on Rails 3.2.12, 3.1.11 and 2.3.17 Released to Address #Security Holes #ccureit

Ruby on Rails 3.2.12, 3.1.11 and 2.3.17 Release...

news.softpedia.com 13 Feb '13, 11am

The developers of Ruby on Rails have released versions 3.2.12, 3.1.11 and 2.3.17. Ruby on Rails 3.2.12 and 3.1.11 fix one ...

[SEC][ANN] Rails 3.2.12, 3.1.11, and 2.3.17 hav...

weblog.rubyonrails.org 11 Feb '13, 6pm

I'd like to announce that Rails 3.2.12, 3.1.11, and 2.3.17 have been released. 3.2.12 and 3.1.11 contain one security fix,...

New security update for Ruby on Rails

heise.de 12 Feb '13, 5pm

The Ruby on Rails team closes further critical security holes in the popular web application framework. With the u...

Ruby on Rails Patches DoS, Remote Execution Flaws

threatpost.com 13 Feb '13, 6pm

Web app framework Ruby on Rails patched two security flaws this week in the open source framework that could have led to d...

[bad news] Ruby 1.9.3-p392 is released, include...

ruby-lang.org 22 Feb '13, 1pm

Now Ruby 1.9.3-p392 is released. I apologize for updating too frequently. This release includes security fixes about bundl...

Ruby on Rails vulnerable to mass assignment and SQL injection

Ruby on Rails vulnerable to mass assignment and...

zweitag.de 11 Feb '13, 6pm

Ruby on Rails vulnerable to mass assignment and SQL injection. During the last weeks Ruby on Rails has been hit by several ...

We are hiring Senior Ruby on Rails: Job Respons...

sysgen.com.ph 13 Feb '13, 7am

Must have a working knowledge of software design patterns, a clear understanding of web and system security issues and des...

Ruby 2.0

ruby-lang.org 24 Feb '13, 9am

The default encoding for ruby scripts is now UTF-8 [#6679]. Some people report that it affects existing programs, such as ...

Ruby on Rails: updates close critical security holes

Ruby on Rails: updates close criti...

golem.de 12 Feb '13, 11am

The Ruby on Rails team has released the updates 3.2.12, 3.1.11 and 2.3.17, which close two critical security holes in ...

If you're wondering why there wasn't a release ...

blog.steveklabnik.com 11 Feb '13, 8pm

Ruby on Rails maintenance policy. Recently, the Rails team has committed to a specific policy related to release maintenanc...