03 Jan '13, 12pm

Ruby on Rails 3.2.10 Released to Address SQL Injection Vulnerability

Ruby on Rails 3.2.10, 3.1.9, and 3.0.18 have been released to address an SQL injection vulnerability in Active Record that affects all versions. According to the developers, the release comes so close to the holidays because the details of the exploit have already been publicly disclosed. “Due to the way dynamic finders in Active Record extract options from method parameters, a method parameter can mistakenly be used as a scope. Carefully crafted requests can use the scope to inject arbitrary SQL,” the developers explained. Considering the risks posed by this serious vulnerability, users are advised to update as soon as possible. To make upgrading as easy as possible, the number of changes in each of the releases has been kept to a minimum.

Full article: http://news.softpedia.com/news/Ruby-on-Rails-3-2-10-Relea...

Tweets

sql injection vulnerability in Active Record in...

permalink.gmane.org 02 Jan '13, 9pm

SQL Injection Vulnerability in Ruby on Rails There is a SQL injection vulnerability in Active Record in ALL versions. This...

SQL Injection Vulnerability in several versions...

weblog.rubyonrails.org 03 Jan '13, 2am

Rails versions 3.2.10, 3.1.9, and 3.0.18 have been released. These releases contain an important security fix. It is recom...

Ruby on Rails security updates address SQL inje...

news.techworld.com 03 Jan '13, 3pm

Ruby on Rails developers have released versions 3.2.10, 3.1.9, and 3.0.18 of the popular web application development frame...

SQL Injection Vulnerability in Ruby on Rails; a...

groups.google.com 02 Jan '13, 9pm

SQL Injection Vulnerability in Ruby on Rails; a...

news.ycombinator.com 02 Jan '13, 9pm

You are going to have problems with this whenever you are composing SQL statement with any type of user-provided data as p...

Ruby on Rails updates address SQL injection fla...

computerworld.com 03 Jan '13, 3pm

IDG News Service - The developers of Ruby on Rails, a popular open source Web application development framework for the Ru...

Ruby on Rails security updates address SQL inje...

networkworld.com 03 Jan '13, 7pm

IDG News Service - The developers of Ruby on Rails, a popular Web application development framework for the Ruby programmi...

SQL injection vulnerability hits all Ruby on Ra...

h-online.com 03 Jan '13, 9am

The Ruby on Rails developers are warning of an SQL injection vulnerability that affects all current versions of the web fr...

Ruby on Rails security updates address SQL inje...

infoworld.com 03 Jan '13, 2pm

The developers of Ruby on Rails, a popular Web application development framework for the Ruby programming language, releas...

SQL Injection Vulnerability in Ruby on Rails; a...

groups.google.com 02 Jan '13, 10pm

Oh shit : SQL Injection Vulnerability in Ruby o...

groups.google.com 02 Jan '13, 10pm

Ruby on Rails SQL injection issue

lwn.net 03 Jan '13, 1am

Ruby on Rails SQL injection issue [Posted January 3, 2013 by corbet] Ruby on Rails SQL injection issue [Security] Posted J...