10th February 2011
J65nko
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,125
Ruby on Rails updates fix security holes

From http://www.h-online.com/security/new...s-1187641.html

Quote:
The Ruby on Rails developers have released versions 2.3.11 and 3.0.4 of Ruby on Rails, which are maintenance and security updates that address four security vulnerabilities in the open source web framework. According to the developers, the latest updates address a cross-site scripting (XSS) vulnerability in the mail_to helper when used with the :encode => :javascript option, as well as a cross-site request forgery (CSRF) vulnerability that could allow an attacker to circumvent built-in protections.

All versions up to and including 2.3.10 and 3.0.3 are said to be affected.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump