For those of you that aren't plugged into the usual channels, a pretty nasty vulnerability has been discovered in Rails. This is slightly nastier than usual because apparently the attack vector has been publicly posted somewhere online, and it can allow attackers to "bypass authentication systems, inject arbitrary SQL, inject and execute arbitrary code, or perform a DoS attack on a Rails application."
Anyway, full details, including workarounds are on the Rails security list - https://groups.google.com/forum/#!topic/rubyonrails-security/61bkgvnSGTQ/discussion Best update your apps pretty sharpish! Tekin Suleyman Founder | http://crowd.fm | @crowdfm | The easy way to list your events online 120/122 Grosvenor St, Manchester, M1 7HL, UK -- You received this message because you are subscribed to the Google Groups "NWRUG" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/nwrug-members?hl=en.
