28 Jul '15, 7pm

We've released a security fix for all #spree versions. Get the details from @JDutil21:

We have just issued several new versions of Spree that address a critical security vulnerability present in all versions of Spree 1.2.x+. An attacker with API access is able to execute arbitrary files on the remote system. It is likely that this could be leveraged to gain admin privileges, disclose the contents of files or execute arbitrary code. We recommend all users upgrade immediately, but this is especially dangerous to stores which provide API access to customers.

If you are unable or unwilling to upgrade, you can monkey patch your Spree application with an initializer config/initializers/security_20150728.rb as a quick workaround:

    # Discard any value of params[:set] other than "nested"
    Spree::Api::TaxonomiesController.before_filter do
      params[:set] = nil if params[:set] != "nested"
    end

If using an unsupported version, such as 1.2.x, 1.3.x, 2.0.x or 2.1.x, you should use the above initializer as a workaround.

Previous secu...

Full article: https://spreecommerce.com/blog/security-updates-2015-7-28
