Archives - 08 January 2013, Tuesday - OpenRuby.com

Follow @openruby

Archives - 08 January 2013, Tuesday

[SEC][ANN] Rails 3.2.11, 3.1.10, 3.0.19, and 2.3.15 have been released!

weblog.rubyonrails.org 08 Jan '13, 8pm

I'd like to announce that 3.2.11, 3.1.10, 3.0.19, and 2.3.15 have been released. These releases contain two extremely critical security fixes so please update IMMEDIATELY . You can read about the security fixes by following these links: CVE-2013-0155 CVE-2013-0156 In order to ease upg...
Related:
1. [SEC][ANN] Rails 3.2.11, 3.1.10, 3.0.19, and 2.3.15 have been released! ruby-forum.com 08 Jan '13, 8pm
2. Ruby on Rails 3.2.11 Released to Address 2 “Extremely Critical” Vulnerabili... news.softpedia.com 09 Jan '13, 10am
3. Ruby on Rails vulnerable to six year old flaw zdnet.com 09 Jan '13, 1am
4. Ruby on Rails patches more critical vulnerabilities | Security - InfoWorld infoworld.com 09 Jan '13, 12pm
5. Extremely crtical Ruby on Rails bug threatens more than 200,000 sites arstechnica.com 09 Jan '13, 12am
6. Mac4Ever.com - Une faille très grave sur Ruby On Rails mac4ever.com 09 Jan '13, 10am
7. 「Ruby on Rails」に複数の脆弱性、対策を呼びかけ（JVN） | ScanNetSecurity (脅威、セキュリティホール・脆弱性のニュース) scan.netsecurity.ne.jp 09 Jan '13, 9am
Analysis of Rails XML Parameter Parsing Vulnerability - Insinuator

insinuator.net 08 Jan '13, 9pm

As you might remember YAML formatted parameters are not enabled by default in Rails due to YAML (or more specifically the YAML parsers used by most scripting languages like e.g. Python or Ruby) not being designed to handle malicious user input. The YAML parser used by Ruby supports th...
Related:
1. Critical vulnerability in Ruby on Rails parameter parsing - The H Security: h-online.com 09 Jan '13, 11am
2. Critical vulnerability in Ruby on Rails parameter parsing - The H Open: New... h-online.com 09 Jan '13, 11am
3. Any Ruby on Rails app is, badly, utterly, pwned through multiple parameter ... groups.google.com 09 Jan '13, 3am
4. ‘Huge’ Ruby On Rails Vulnerability Causes Panic | TechWeekEurope UK techweekeurope.co.uk 09 Jan '13, 4pm
5. Infosecurity - New flaw in Ruby on Rails infosecurity-magazine.com 09 Jan '13, 1pm
6. Exploit Code for Ruby on Rails Flaw Likely on the Horizon threatpost.com 09 Jan '13, 4pm
7. Ruby on Rails releases "extremely critical" fixes - SC Magazine scmagazine.com 09 Jan '13, 5pm
8. THE Ruby on Rails Vulnerabilities of 2013 - What they are and what should w... blog.sourcefire.com 09 Jan '13, 8pm
Critical Flaws Patched in Ruby on Rails

threatpost.com 08 Jan '13, 9pm

"There are multiple weaknesses in the parameter parsing code for Ruby on Rails which allows attackers to bypass authentication systems, inject arbitrary SQL, inject and execute arbitrary code, or perform a DoS attack on a Rails application," the advisory says. "The parameter parsing c...
Related:
1. Critical Ruby on Rails flaws fixed, upgrade immediately net-security.org 09 Jan '13, 2pm
2. Ruby on Rails patches more critical vulnerabilities news.hitb.org 09 Jan '13, 10am
3. Unsafe Query Generation Risk in Ruby on Rails (CVE-2013-0155) groups.google.com 08 Jan '13, 8pm
4. Ruby on Rails patches more critical vulnerabilities | Security - InfoWorld infoworld.com 09 Jan '13, 12pm
5. Critical vulnerability in Ruby on Rails parameter parsing - The H Security: h-online.com 09 Jan '13, 11am
6. Critical vulnerability in Ruby on Rails parameter parsing - The H Open: New... h-online.com 09 Jan '13, 11am
7. Any Ruby on Rails app is, badly, utterly, pwned through multiple parameter ... groups.google.com 09 Jan '13, 3am
8. Ruby on Rails pushing out 'extremely critical' fixes - Applications - SC Ma... scmagazine.com.au 09 Jan '13, 2am
Moving to Berlin and auf wiedersehen to friends

chadfowler.com 08 Jan '13, 6pm

Moving to Berlin and auf wiedersehen to friends January 08, 2013 It’s hard to believe it’s been almost two years since InfoEther was acquired by LivingSocial. Since then, we’ve built the strongest development team I’ve ever known. We’ve set records for e-commerce transaction volume. W...
Project: Make a ToDo app in Ruby on Rails | Skillcrush

skillcrush.com 08 Jan '13, 5pm

So you know your way around HTML & CSS. You’ve made your own website, and even tried implementing a jQuery plugin or two. But what you dream of is digging into the backend. But where to begin? You tried TryRuby.org (so fun!) and started to read _why’s poignant guide to ruby , but how ...
Related:
1. Any Ruby on Rails app is, badly, utterly, pwned through multiple parameter ... groups.google.com 09 Jan '13, 3am
2. Courses | HackerYou hackeryou.com 08 Jan '13, 5am
3. Ruby on Rails Marketplace site | PSD to HTML | Ruby & Ruby on Rails freelancer.com 07 Jan '13, 4pm
4. Ruby on Rails Market Place for finding a car shipper | Graphic Design | HTM... freelancer.com 09 Jan '13, 3am
5. Sheffield Ruby User Group shrug.org 07 Jan '13, 9pm
Ruby Science: How to Eliminate Feature Envy and Comments

robots.thoughtbot.com 08 Jan '13, 2pm

January 8, 2013 hrward ruby on rails ruby ruby science Ruby Science: How to Eliminate Feature Envy and Comments Since launching Ruby Science we’ve written and released five new chapters. If you’ve previously purchased the book, you can log into GitHub to download the latest version. H...
Related:
1. [ANN] ruby 2.0.0-rc1 released ruby-forum.com 07 Jan '13, 4pm
Unsafe Query Generation Risk in Ruby on Rails (CVE-2013-0155)

groups.google.com 08 Jan '13, 8pm

Dieser Browser wird nicht unterstützt.
Related:
1. Extremely crtical Ruby on Rails bug threatens more than 200,000 sites arstechnica.com 09 Jan '13, 12am
2. Critical Flaws Patched in Ruby on Rails threatpost.com 08 Jan '13, 9pm
3. JVNVU#94771138: Ruby on Rails に複数の脆弱性 jvn.jp 09 Jan '13, 3am
4. Ruby on Rails pushing out 'extremely critical' fixes - Applications - SC Ma... scmagazine.com.au 09 Jan '13, 2am
5. Infosecurity - New flaw in Ruby on Rails infosecurity-magazine.com 09 Jan '13, 1pm
6. Ruby on Rails security updates address SQL injection flaw - CSO Online - Se... csoonline.com 04 Jan '13, 3pm
7. Exploit Code for Ruby on Rails Flaw Likely on the Horizon threatpost.com 09 Jan '13, 4pm
8. Ruby on Rails Marketplace site | PSD to HTML | Ruby & Ruby on Rails freelancer.com 07 Jan '13, 4pm
[SEC][ANN] Rails 3.2.11, 3.1.10, 3.0.19, and 2.3.15 have been released!

ruby-forum.com 08 Jan '13, 8pm

Hi everybody. I'd like to announce that 3.2.11, 3.1.10, 3.0.19, and 2.3.15 have been released. These releases contain two **extremely critical security fixes** so please update **IMMEDIATELY**. You can read about the security fixes by following these links: * [CVE-2013-0155](https://g...
Related:
1. [SEC][ANN] Rails 3.2.11, 3.1.10, 3.0.19, and 2.3.15 have been released! weblog.rubyonrails.org 08 Jan '13, 8pm
2. Ruby on Rails 3.2.11 Released to Address 2 “Extremely Critical” Vulnerabili... news.softpedia.com 09 Jan '13, 10am
3. [ANN] ruby 2.0.0-rc1 released ruby-forum.com 07 Jan '13, 4pm
4. Critical Ruby on Rails flaws fixed, upgrade immediately net-security.org 09 Jan '13, 2pm
Courses | HackerYou

hackeryou.com 08 Jan '13, 5am

Designed for beginners, this course will give you a solid foundation in Ruby on Rails. Ruby is known as one of the most beginner-friendly programming languages, and Rails has quickly become one of the most popular frameworks for web application development, powering sites like Twitter...
Related:
1. Course Outlines: Intro to Ruby on Rails & Rails Application Development 201... hackeryou.com 04 Jan '13, 5pm
2. Project: Make a ToDo app in Ruby on Rails | Skillcrush skillcrush.com 08 Jan '13, 5pm
3. Exploit Code for Ruby on Rails Flaw Likely on the Horizon threatpost.com 09 Jan '13, 4pm
4. Serious vulnerability in Ruby on Rails allowing arbitrary Ruby code executi... reddit.com 08 Jan '13, 11pm
5. Ruby on Rails มีบั๊ก Remote Code Execution, ควรอัพเกรดทันที | Blognone blognone.com 09 Jan '13, 3am
6. THE Ruby on Rails Vulnerabilities of 2013 - What they are and what should w... blog.sourcefire.com 09 Jan '13, 8pm
7. Ruby on Rails vulnerable to six year old flaw zdnet.com 09 Jan '13, 1am
8. Intro to Ruby on Rails | HackerYou hackeryou.com 31 Dec '12, 9pm
Serious vulnerability in Ruby on Rails allowing arbitrary Ruby code execution in any Rails application : netsec

reddit.com 08 Jan '13, 11pm

An attacker can execute any ruby code he wants including system("unix command"). This effects any rails version for the last 6 years. I've written POCs for Rails 3.x and Rails 2.x on Ruby 1.9.3, Ruby 1.9.2 and Ruby 1.8.7 and there is no reason to believe this wouldn't work on any Ruby...
Related:
1. Exploit Code for Ruby on Rails Flaw Likely on the Horizon threatpost.com 09 Jan '13, 4pm
2. Ruby on Rails มีบั๊ก Remote Code Execution, ควรอัพเกรดทันที | Blognone blognone.com 09 Jan '13, 3am
3. Critical vulnerability in Ruby on Rails parameter parsing - The H Open: New... h-online.com 09 Jan '13, 11am
4. Sites Built With Ruby on Rails Suffer New Vulnerability - Arik Hesseldahl -... allthingsd.com 09 Jan '13, 4pm
5. ‘Huge’ Ruby On Rails Vulnerability Causes Panic | TechWeekEurope UK techweekeurope.co.uk 09 Jan '13, 4pm
6. Critical Flaws Patched in Ruby on Rails threatpost.com 08 Jan '13, 9pm
7. Sites Built With Ruby on Rails Suffer New Vulnerability - Arik Hesseldahl -... allthingsd.com 09 Jan '13, 4pm
8. Metasploit Rails 3 Remote Code Execution Hours Away news.ycombinator.com 10 Jan '13, 3am
4

news.humancoders.com 08 Jan '13, 1pm

Ruby Rails 4 (fr) Partagé par Synbioz il y a environ une heure   Présentation de Ruby on Rails 4, un tour d'horizon des nouveautés de cette release à venir. Articles similaires Zeus : vos commandes rails/rake en moins de 2s [Bonjourgem] Rails autolink [Bonjourgem] Serve Contribut...
Related:
1. Rails 4: What's New rubyflow.com 03 Jan '13, 9pm
2. #400 What's New in Rails 4 railscasts.com 04 Jan '13, 10am
3. #400 What's New in Rails 4 railscasts.com 06 Jan '13, 9pm
4. A Rails 4 love affair with PostgreSQL rubyflow.com 29 Dec '12, 9pm
5. #400 What's New in Rails 4 railscasts.com 04 Jan '13, 7pm
6. Préparez votre application web pour Rails 4 | news.humancoders.com 02 Jan '13, 2pm
7. Rails vulnerabilities are not Rails' revision-zero.org 12 Jan '13, 6pm
8. RubySource | Get Your App Ready for Rails 4RubySource rubysource.com 01 Jan '13, 11pm
Double Shot #1039

afreshcup.com 08 Jan '13, 12pm

is Mike Gunderloy's software development weblog, covering Ruby on Rails and whatever else I find interesting in the universe of software. I'm a full-time Rails developer and contributor, available for long- or short-term consulting, with solid experience in working as part of a distri...
Related:
1. Double Shot #1038 afreshcup.com 07 Jan '13, 12pm
2. Double Shot #1034 afreshcup.com 01 Jan '13, 3pm
3. Double Shot #1035 afreshcup.com 02 Jan '13, 11am
I need 5 php files to be uploaded on a free cloud account that provides SSL - HTTPS URLs | Amazon Web Services | Cloud Computing | Ruby & Ruby on Rails | System Admin

freelancer.com 08 Jan '13, 9am

Freelancer.com (formerly GetAFreelancer) is the world's largest outsourcing and crowdsourcing marketplace for small business . We have hundreds of thousands of satisfied customers from all over the world. We connect over employers and freelancers globally from over 234 countries & reg...
JVNDB-2013-001006 - JVN iPedia - 脆弱性対策情報データベース

jvndb.jvn.jp 08 Jan '13, 3am

Rails weblog : [ANN] Rails 3.2.10, 3.1.9, and 3.0.18 have been released!
Related:
1. JVNDB-2013-001005 - JVN iPedia - 脆弱性対策情報データベース jvndb.jvn.jp 07 Jan '13, 8am
2. JVNDB-2012-005811 - JVN iPedia - 脆弱性対策情報データベース jvndb.jvn.jp 28 Dec '12, 5am
3. Vulnerabilidad de inyección SQL daña a Ruby on Rails | Noticias - SSI - seguridad.unam.mx 07 Jan '13, 7pm
4. ISC Diary | SQL Injection Flaw in Ruby on Rails isc.sans.edu 09 Jan '13, 2am