Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Ruby On Rails 1.1.5 Released to Address Critical Vulnerability

from [James Pujals] Network Security [Permanent Link]
Subject: RE: Ruby On Rails 1.1.5 Released to Address Critical Vulnerability
Date: Thu, 10 Aug 2006 12:04:22 -0400 
Hello:
 

"The issue is in fact of such a criticality that we're not going to dig into 
the specifics. No need to

arm would-be assalients."
 
Security by obscurity -- right.  How are people supposed to take seriously a 
call to modify production software without any information at all on the issues 
being addressed?  "You must install this patch or else Something Bad will 
happen, but I can't tell you what.  Trust Me (tm)."
 
    -dZ.

________________________________

From: bugtraq@cgisecurity.net [mailto:bugtraq@cgisecurity.net]
Sent: Wed 08/09/2006 21:33
To: websecurity@webappsec.org; webappsec@securityfocus.com
Subject: Ruby On Rails 1.1.5 Released to Address Critical Vulnerability




From their blog


"We're still hard at work on Rails 1.2, which features all the new dandy REST 
stuff and more, but a
serious security concern has come to our attention that needed to be addressed 
sooner than the release
of 1.2 would allow. So here's Rails 1.1.5!

This is a MANDATORY upgrade for anyone not running on a very recent edge (which 
isn't affected by this).
If you have a public Rails site, you MUST upgrade to Rails 1.1.5. The security 
issue is severe and you do
not want to be caught unpatched.

The issue is in fact of such a criticality that we're not going to dig into the 
specifics. No need to
arm would-be assalients."

Blog URL: http://weblog.rubyonrails.com/

- Robert
http://www.cgisecurity.com/ Website Security, and Application Security News
http://www.cgisecurity.com/index.rss [RSS news Feed]

-------------------------------------------------------------------------
Sponsored by: Watchfire

Watchfire was recently named the worldwide market leader in Web
application security assessment tools by both Gartner and IDC.
Download a free trial of AppScan today and see why more customers choose
AppScan then any other solution. Try it today!
 
https://www.watchfire.com/securearea/appscancamp.aspx?id=701500000008VnB
--------------------------------------------------------------------------




-------------------------------------------------------------------------
Sponsored by: Watchfire

Watchfire was recently named the worldwide market leader in Web 
application security assessment tools by both Gartner and IDC. 
Download a free trial of AppScan today and see why more customers choose 
AppScan then any other solution. Try it today!
  
https://www.watchfire.com/securearea/appscancamp.aspx?id=701500000008VnB
--------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: [WEB SECURITY] Ruby On Rails 1.1.5 Released to Address Critical Vulnerability, Caleb Sima
Next by Date:  Re: [WEB SECURITY] RE: Ruby On Rails 1.1.5 Released to Address Critical Vulnerability, Brian Eaton
Previous by Thread:  RE: [WEB SECURITY] Ruby On Rails 1.1.5 Released to Address Critical Vulnerability, Caleb Sima
Next by Thread:  Re: [WEB SECURITY] RE: Ruby On Rails 1.1.5 Released to Address Critical Vulnerability, Brian Eaton
Indexes:  [Date] [Thread] [Top] [All Lists]