DaemonForums  

Go Back   DaemonForums > DaemonForums.org > News

News News regarding BSD and related.

 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #1   (View Single Post)  
Old 10th February 2011
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 3,198
Thanked 182 Times in 149 Posts
Default Ruby on Rails updates fix security holes

From http://www.h-online.com/security/new...s-1187641.html

Quote:
The Ruby on Rails developers have released version 2.3.11 and 3.0.4 of Ruby on Rails which are maintenance and security updates that address four security vulnerabilities in the open source web framework. According to the developers, the latest updates address a cross-site scripting (XSS) vulnerability in the mail_to helper when used with the :encode => :javascript option, as well as a cross-site request forgery (CSRF) vulnerability that could allow an attacker to circumvent built-in protections.

All versions up to and including 2.3.10 and 3.0.3 are said to be affected.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote
 

Tags
ruby on rails

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Ruby on Rails 2.3.6 released, rapidly updated to 2.3.7 J65nko News 4 26th May 2010 09:50 AM
The top ten security holes for web developers J65nko News 1 26th April 2010 05:11 AM
PHP 5.2.13 addresses security holes J65nko News 2 26th February 2010 10:22 PM
Restructured Ruby-on-Rails hits beta J65nko News 2 8th February 2010 04:52 AM
Python Vs Ruby & Django Vs Rails. tetrodozombie Programming 11 6th February 2010 11:21 PM


All times are GMT. The time now is 10:08 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick