WebApp Sec mailing list archives
RE: Ruby On Rails 1.1.5 Released to Address Critical Vulnerability
From: "James Pujals" <james.pujals () sterlingpayment com>
Date: Thu, 10 Aug 2006 12:04:22 -0400
Hello:
"The issue is in fact of such a criticality that we're not going to dig into the specifics. No need to
arm would-be assalients."
Security by obscurity -- right. How are people supposed to take seriously a call to modify production software without
any information at all on the issues being addressed? "You must install this patch or else Something Bad will happen,
but I can't tell you what. Trust Me (tm)."
-dZ.
________________________________
From: bugtraq () cgisecurity net [mailto:bugtraq () cgisecurity net]
Sent: Wed 08/09/2006 21:33
To: websecurity () webappsec org; webappsec () securityfocus com
Subject: Ruby On Rails 1.1.5 Released to Address Critical Vulnerability
From their blog
"We're still hard at work on Rails 1.2, which features all the new dandy REST stuff and more, but a serious security concern has come to our attention that needed to be addressed sooner than the release of 1.2 would allow. So here's Rails 1.1.5! This is a MANDATORY upgrade for anyone not running on a very recent edge (which isn't affected by this). If you have a public Rails site, you MUST upgrade to Rails 1.1.5. The security issue is severe and you do not want to be caught unpatched. The issue is in fact of such a criticality that we're not going to dig into the specifics. No need to arm would-be assalients." Blog URL: http://weblog.rubyonrails.com/ - Robert http://www.cgisecurity.com/ Website Security, and Application Security News http://www.cgisecurity.com/index.rss [RSS news Feed] ------------------------------------------------------------------------- Sponsored by: Watchfire Watchfire was recently named the worldwide market leader in Web application security assessment tools by both Gartner and IDC. Download a free trial of AppScan today and see why more customers choose AppScan then any other solution. Try it today! https://www.watchfire.com/securearea/appscancamp.aspx?id=701500000008VnB -------------------------------------------------------------------------- ------------------------------------------------------------------------- Sponsored by: Watchfire Watchfire was recently named the worldwide market leader in Web application security assessment tools by both Gartner and IDC. Download a free trial of AppScan today and see why more customers choose AppScan then any other solution. Try it today! https://www.watchfire.com/securearea/appscancamp.aspx?id=701500000008VnB --------------------------------------------------------------------------
Current thread:
- Ruby On Rails 1.1.5 Released to Address Critical Vulnerability bugtraq (Aug 09)
- RE: [WEB SECURITY] Ruby On Rails 1.1.5 Released to Address Critical Vulnerability Caleb Sima (Aug 10)
- RE: Ruby On Rails 1.1.5 Released to Address Critical Vulnerability James Pujals (Aug 10)