Thread: Security Rails developers close another "extremely critical" flaw
View Single Post
  #1   (View Single Post)  
Old 29th January 2013
J65nko J65nko is offline
Administrator
  
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,131
Default Rails developers close another "extremely critical" flaw
From http://h-online.com/-1793511

Quote:
The Rails developers have released Ruby on Rails 3.0.20 and 2.3.16 which contain one, and only one, "extremely critical security fix". The problem only affects Rails 3.0.x and 2.3.x with Rails 3.1.x and 3.2.x not affected. Users of the 2.3 and 3.0 branches are advised to update as soon as possible, or to apply patches if they cannot upgrade. If they cannot do that either, a workaround of setting

ActiveSupport::JSON.backend = "JSONGem"

in the application's initialisation code will, at least, prevent the vulnerable code from being called.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote