[WEB SECURITY] RE: Ruby On Rails 1.1.5 Released to Address Critical Vulnerability
- From: "James Pujals" <james.pujals@xxxxxxxxxxxxxxxxxxx>
- Subject: [WEB SECURITY] RE: Ruby On Rails 1.1.5 Released to Address Critical Vulnerability
- Date: Thu, 10 Aug 2006 12:04:22 -0400
Hello:
>> "The issue is in fact of such a criticality that we're not going to dig into the specifics. No need to arm would-be assailants."
Security by obscurity -- right. How are people supposed to take seriously a call to modify production software without any information at all on the issues being addressed? "You must install this patch or else Something Bad will happen, but I can't tell you what. Trust Me (tm)."
-dZ.
________________________________
From: bugtraq@xxxxxxxxxxxxxxx [mailto:bugtraq@xxxxxxxxxxxxxxx]
Sent: Wed 08/09/2006 21:33
To: websecurity@xxxxxxxxxxxxx; webappsec@xxxxxxxxxxxxxxxxx
Subject: Ruby On Rails 1.1.5 Released to Address Critical Vulnerability
From their blog
"We're still hard at work on Rails 1.2, which features all the new dandy REST stuff and more, but a
serious security concern has come to our attention that needed to be addressed sooner than the release
of 1.2 would allow. So here's Rails 1.1.5!
This is a MANDATORY upgrade for anyone not running on a very recent edge (which isn't affected by this).
If you have a public Rails site, you MUST upgrade to Rails 1.1.5. The security issue is severe and you do
not want to be caught unpatched.
The issue is in fact of such a criticality that we're not going to dig into the specifics. No need to
arm would-be assailants."
Blog URL: http://weblog.rubyonrails.com/
- Robert
http://www.cgisecurity.com/ Website Security, and Application Security News
http://www.cgisecurity.com/index.rss [RSS news Feed]