12 Feb '13, 4pm

More Rails security fixes released: Two bugs in Rails and a bug in the JSON gem expose Ruby on Rails application...

The Ruby on Rails developers have released updates to Rails 3.2, 3.1 and 2.3 and made users aware of an update to the JSON gem to close an important security flaw. Most notable of the problems is CVE-2013-0277, another problem with serialised attributes in YAML. The flaw, which only affects Rails 2.3 and 3.0, can be exploited so that a crafted request would deserialize arbitrary YAML inside the server with the risk of denial of service or remote code execution. The Rails developers have released a fix for Rails 2.3, 2.3.17, but there will be no fix for Rails 3.0 in line with maintenance policy. The advisory contains patches for various versions of Rails for use where users cannot upgrade easily. The JSON gem problem, CVE-2013-0269, allows certain JSON documents, when being parsed, to create Ruby symbols. Symbols are not garbage collected and can be used for a denial of ...

Full article: http://www.h-online.com/open/news/item/More-Rails-securit...

Tweets

More Rails security fixes released: Two bugs in...

h-online.com 12 Feb '13, 4pm

The Ruby on Rails Developers have released updates to Rails 3.2, 3.1 and 2.3 and made users aware of an update to the JSON...

[SEC][ANN] Rails 3.2.12, 3.1.11, and 2.3.17 hav...

weblog.rubyonrails.org 11 Feb '13, 6pm

I'd like to announce that Rails 3.2.12, 3.1.11, and 2.3.17 have been released. 3.2.12 and 3.1.11 contain one security fix,...

Ruby on Rails 3.2.12, 3.1.11 and 2.3.17 Released to Address #Security Holes #ccureit

Ruby on Rails 3.2.12, 3.1.11 and 2.3.17 Release...

news.softpedia.com 13 Feb '13, 11am

The developers of Ruby on Rails have released versions 3.2.12, 3.1.11 and 2.3.17. Ruby on Rails 3.2.12 and 3.1.11 fix one ...

New security update for Ruby on Rails

heise.de 12 Feb '13, 5pm

The Ruby on Rails team closes further critical security holes in the popular web application framework. With the ...

Ruby on Rails Patches DoS, Remote Execution Flaws

threatpost.com 13 Feb '13, 6pm

Web app framework Ruby on Rails patched two security flaws this week in the open source framework that could have led to d...

New security update for Ruby on Rails: With...

heise.de 12 Feb '13, 5pm

The Ruby on Rails team closes further critical security holes in the popular web application framework. With the ...

[bad news] Ruby 1.9.3-p392 is released, include...

ruby-lang.org 22 Feb '13, 1pm

Now Ruby 1.9.3-p392 is released. I apologize for updating too frequently. This release includes security fixes about bundl...

Ruby on Rails vulnerable to mass assignment and SQL injection

Ruby on Rails vulnerable to mass assignment and...

zweitag.de 11 Feb '13, 6pm

Ruby on Rails vulnerable to mass assignment and SQL injection During the last weeks Ruby on Rails has been hit by several ...

We are hiring Senior Ruby on Rails: Job Respons...

sysgen.com.ph 13 Feb '13, 7am

Must have a working knowledge of software design patterns, a clear understanding of web and system security issues and des...

If you're wondering why there wasn't a release ...

blog.steveklabnik.com 11 Feb '13, 8pm

Ruby on Rails maintenance policy Recently, the Rails team has committed to a specific policy related to release maintenanc...

"Rails Girls" comes to Philly & registration is officially open. Join me in learning Ruby on Rails

"Rails Girls" comes to Philly & registration is...

It's a two-day workshop designed to introduce women and girls to the fun and exciting world of programming with Ruby on Ra...