29th January 2013
|
Administrator
|
|
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,132
|
|
Rails developers close another "extremely critical" flaw
From http://h-online.com/-1793511
Quote:
The Rails developers have released Ruby on Rails 3.0.20 and 2.3.16 which contain one, and only one, "extremely critical security fix". The problem only affects Rails 3.0.x and 2.3.x with Rails 3.1.x and 3.2.x not affected. Users of the 2.3 and 3.0 branches are advised to update as soon as possible, or to apply patches if they cannot upgrade. If they cannot do that either, a workaround of setting
ActiveSupport::JSON.backend = "JSONGem"
in the application's initialisation code will, at least, prevent the vulnerable code from being called.
|
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
|