12 Jul '12, 7am

Well, why? Why am I not surprised by a security vulnerability in spree??? #spree

Posted July 05, 2012 by Andrew Hooker

We have just released several new versions of Spree which contain important security fixes. A vulnerability exists in Product Scopes that could allow for unauthenticated remote command execution. There is also a potential XSS vulnerability related to the analytics dashboard. Finally, the new releases also upgrade to the latest version of Rails, which includes additional security fixes which were addressed by the Rails team.

The remote command execution vulnerability is quite serious and affects all versions of Spree. You should upgrade to one of the following secure versions of Spree immediately: 0.11.4, 0.70.6, 1.0.5 or 1.1.2.

Thanks to joernchen from Phenoelit and Michael Bianco from Ascension Press for bringing these issues to our attention. If you believe you’ve found a security vulnerability, please do not post publicly abo...

Full article: http://spreecommerce.com/blog/2012/07/05/security-issue-a...

Tweets

Spree 1.0.6 Released

spreecommerce.com 13 Jul '12, 3am

Posted July 12, 2012 by Sean Schofield Comments Spree 1.0.6 has been released. This release is just a minor patch release ...

Important Security Updates

spreecommerce.com 05 Jul '12, 3pm

Posted July 05, 2012 by GeekOnCoffee | Comments We have just released several new versions of Spree which contain importan...

Upcoming changes to checkout customization - feedback encouraged.


spreecommerce.com 12 Jul '12, 1pm

Upcoming Changes to Checkout Customization Posted July 11, 2012 by radar Comments A lot of our users have complained about...

Complete Redesign of Spree Analytics

spreecommerce.com 16 Jul '12, 5pm

Complete Redesign of Spree Analytics Posted July 16, 2012 by Sean Schofield Comments We’re pleased to announce a completel...

Need some advice on internet security? Make sur...

123-reg.co.uk 17 Jul '12, 10am

We’d like to think we’re all wise to these now, but opening up that email bleary-eyed first thing in the morning you may n...

Thailand steps up security for key court ruling on Friday (AFP)


straitstimes.com 12 Jul '12, 1pm

A member of the 'red shirt' movement poses for a photo as thousands gather at the Democracy monument in Bangkok June 24, 2...

The Single Most Important Issue YOU Face in the...

ricksblog.com 12 Jul '12, 11am

What I write on my blog is only half of the story. You, the commenter, provide the other half. I open up an issue and you ...

The Ongoing Vigil of Software Security

rubylearning.com 23 Jul '12, 1am

Think of your systems, databases, and code as a ship floating in the middle of the Atlantic. The ship was fairly hastily c...

Experience the #Sparkle premiere as a VIP! Only...

offbroadwayshoes.com 17 Jul '12, 8pm


@charliesome ? Also there's the query params etc.

blog.evanweaver.com 21 Jul '12, 5am

Rails Ticket 4339 suggests that there is a denial-of-service vulnerability because of the way the Rails request handler in...

Millionaire On A Giving Spree: Mr. Lucky Donates £1000 To Complete Strangers via @zite


elitechoice.org 09 Jul '12, 2pm

The “We Are Lucky ” philanthropy project was born under rather unusual circumstances. The story goes like this. Once upon ...