Posts

Ruby on Rails vulnerability pre 3.2.16 and 4.0.2

Rails 3.2.16 and 4.0.2 have been released!

These two releases contain important security fixes, so please upgrade as soon as possible! In order to make upgrading as smooth as possible, we’ve only included commits directly related to each security issue.

More information: Rails 3.2.16 and 4.0.2 have been released!

Ruby on Rails Exploit publicly used in the wild

The Ruby on Rails exploits mentioned on the blog in January are now being used publicly in the wild. While this exploit has been known, and surely used quite a bit, since then, it shows the importance of patching so that your server does not become the victim of an attack.

More information:
http://jarmoc.com/blog/2013/05/28/ror-cve-2013-0156-in-the-wild/