Ruby on Rails 3.2.12, 3.1.11 and 2.3.17 Released to Address Security Holes

Users are advised to update their installations as soon as possible

February 13th, 2013 10:51 GMT

The developers of Ruby on Rails have released versions 3.2.12, 3.1.11 and 2.3.17. Ruby on Rails 3.2.12 and 3.1.11 fix one security issue, while 2.3.17 addresses two additional vulnerabilities.

The first vulnerability (CVE-2013-0276) affects the attr_protected method in ActiveRecord and it could be exploited by an attacker to circumvent the protection and alter records by using a specially crafted request.

The second issue concerns the YAML handling of serialized attributes, which could be leveraged by cybercriminals for a denial-of-service (DoS) attack and even to remotely execute arbitrary code.

Finally, the latest updates address a DoS and unsafe object creation vulnerability in JSON.

Users are advised to update their installations as soon as possible to avoid any unfortunate incidents.
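One way to check an application against the fixed releases named above is to read the resolved versions out of its Gemfile.lock. The following is an added example, not code from the Rails project or from this article; the helper names and the sample lockfile are constructed, and it assumes the activerecord gem carries the same version number as the Rails release it ships with.

```ruby
require "rubygems"

# Fixed releases named in the article, keyed by release series.
FIXED_RELEASES = {
  "3.2" => Gem::Version.new("3.2.12"),
  "3.1" => Gem::Version.new("3.1.11"),
  "2.3" => Gem::Version.new("2.3.17"),
}.freeze

# Gems to check. Assumption: activerecord is versioned in lockstep with rails.
CHECKED_GEMS = %w[rails activerecord].freeze

# Returns :patched, :vulnerable, or :not_covered (a series the article does not mention).
def release_status(version_string)
  version = Gem::Version.new(version_string)
  series = version.segments.first(2).join(".")
  fixed = FIXED_RELEASES[series]
  return :not_covered unless fixed
  version >= fixed ? :patched : :vulnerable
end

# Extracts resolved "name (version)" entries from Gemfile.lock text and
# returns { gem_name => status } for the gems listed in CHECKED_GEMS.
def audit_lockfile(text)
  text.each_line.with_object({}) do |line, report|
    # Resolved specs are indented by exactly four spaces; their dependencies by six.
    match = line.match(/\A {4}([A-Za-z0-9_.-]+) \(([^)]+)\)\s*\z/)
    next unless match && CHECKED_GEMS.include?(match[1])
    report[match[1]] = release_status(match[2])
  end
end

# Constructed sample lockfile, not taken from any real project.
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      activerecord (3.2.11)
        activemodel (= 3.2.11)
      rails (3.2.11)
        activerecord (= 3.2.11)
LOCK

if __FILE__ == $PROGRAM_NAME
  audit_lockfile(SAMPLE_LOCKFILE).each { |name, status| puts "#{name}: #{status}" }
end
```

A :not_covered result means the installed series is not one of the three this announcement lists, so the check says nothing about whether it is affected.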

Ruby on Rails is available for download here
