13 Feb '13, 11am

Ruby on Rails 3.2.12, 3.1.11 and 2.3.17 Released to Address #Security Holes #ccureit

The developers of Ruby on Rails have released versions 3.2.12, 3.1.11 and 2.3.17. Ruby on Rails 3.2.12 and 3.1.11 fix one security issue, while 2.3.17 addresses two additional vulnerabilities. The first vulnerability (CVE-2013-0276) affects the attr_protected method in ActiveRecord: an attacker could use a specially crafted request to circumvent the protection and alter records. The second issue is a YAML flaw in serialized attributes that cybercriminals could leverage for a denial-of-service (DoS) attack and even to remotely execute arbitrary code. Finally, the latest updates address a DoS and unsafe object creation vulnerability in JSON. Users are advised to update their installations as soon as possible to avoid any unfortunate incidents.

Full article: http://news.softpedia.com/news/Ruby-on-Rails-3-2-12-3-1-1...

Tweets

Corrective releases of Ruby on Rai... have been presented

opennet.ru 12 Feb '13, 5pm

More Rails security fixes released: Two bugs in...

h-online.com 12 Feb '13, 4pm

The Ruby on Rails Developers have released updates to Rails 3.2, 3.1 and 2.3 and made users aware of an update to the JSON...

New security update for Ruby on Rails: With...

heise.de 12 Feb '13, 5pm

The Ruby on Rails team is closing further critical security holes in the popular web application framework. With the u...

[SEC][ANN] Rails 3.2.12, 3.1.11, and 2.3.17 hav...

weblog.rubyonrails.org 11 Feb '13, 6pm

I'd like to announce that Rails 3.2.12, 3.1.11, and 2.3.17 have been released. 3.2.12 and 3.1.11 contain one security fix,...

Urgently updating to Ruby on Rails 3.2.12, 3.1...

habrahabr.ru 11 Feb '13, 8pm

Rails Vulnerabilities: Learning The Lesson

New security update for Ruby on Rails

heise.de 12 Feb '13, 5pm

The Ruby on Rails team is closing further critical security holes in the popular web application framework. With the u...

Ruby 2.0

ruby-lang.org 24 Feb '13, 9am

The default encoding for ruby scripts is now UTF-8 [#6679]. Some people report that it affects existing programs, such as ...

Ruby on Rails Patches DoS, Remote Execution Flaws

threatpost.com 13 Feb '13, 6pm

Web app framework Ruby on Rails patched two security flaws this week in the open source framework that could have led to d...

[bad news] Ruby 1.9.3-p392 is released, include...

ruby-lang.org 22 Feb '13, 1pm

Now Ruby 1.9.3-p392 is released. I apologize for updating too frequently. This release includes security fixes about bundl...

Ruby on Rails #CVE-2013-0276 Remote Security By...

securityfocus.com 21 Feb '13, 6pm

Ruby on Rails Ruby on Rails 2.3.11 Ruby on Rails Ruby on Rails 2.3.14 Ruby on Rails Ruby on Rails 2.3.13 Ruby on Rails Rub...

Yay, #Ruby 2.0.0 is out! With lots of goodies.

ruby-lang.org 24 Feb '13, 6pm

The default encoding for ruby scripts is now UTF-8 [#6679]. Some people report that it affects existing programs, such as ...

Want to try Ruby 2.0? The last release candidat...

ruby-lang.org 14 Feb '13, 6pm

Ruby 2.0.0-rc2 is released. This will be the last release candidate of Ruby 2.0.0. Please give it a try, and report any is...