Ruby on Rails Security Project

Exploring the Security of Rails and friends.


Rails 1.2.5 security release

October 15th, 2007

There is another security release, which once again addresses the to_json vulnerability. The vulnerability now has a CVE. If you use to_json in a page you generate, like this:

<script type="text/javascript">
var customers = <%= @customers.to_json %>;
</script>
 
you should upgrade to 1.2.5. It also fixes some bugs from 1.2.4.
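
An added example, not from the original post and not the Rails 1.2.5 patch: it shows the general hazard of writing serialized JSON into an inline script block, as in the snippet above, and one way to escape the output. The names `json_for_script`, `render` and `script_end_tags` and the sample data are constructed for illustration.

```ruby
require "json"

# Characters that are valid inside a JSON string but are acted on by the HTML
# parser (<, >, &) or by older JavaScript engines (U+2028/U+2029 line breaks).
SCRIPT_UNSAFE = {
  "<" => '\u003c', ">" => '\u003e', "&" => '\u0026',
  "\u2028" => '\u2028', "\u2029" => '\u2029'
}.freeze
SCRIPT_UNSAFE_RE = /[<>&\u2028\u2029]/

# Hypothetical helper (not a Rails API): JSON whose text cannot close the
# surrounding <script> element, yet parses back to the same value.
def json_for_script(value)
  JSON.generate(value).gsub(SCRIPT_UNSAFE_RE) { |ch| SCRIPT_UNSAFE.fetch(ch) }
end

# Stand-in for the ERB template on this page.
def render(json)
  %(<script type="text/javascript">\nvar customers = #{json};\n</script>)
end

# Number of script end tags an HTML parser would find; the template has one.
def script_end_tags(html)
  html.scan(%r{</script}i).length
end

# Constructed sample data: the second name carries markup, as user input might.
CUSTOMERS = [
  { "id" => 1, "name" => "Alice & Bob <Ltd>" },
  { "id" => 2, "name" => "x</script><b>markup</b>" }
].freeze

if __FILE__ == $PROGRAM_NAME
  plain = render(JSON.generate(CUSTOMERS))
  safe  = render(json_for_script(CUSTOMERS))
  puts "plain JSON:   #{script_end_tags(plain)} end tag(s)"
  puts "escaped JSON: #{script_end_tags(safe)} end tag(s)"
  puts safe
end
```

With plain JSON the HTML parser finds a second end tag inside the data and closes the script block early; with the escaped form only the template's own end tag remains, and the data still parses to the same values.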

Tags: Uncategorized · XSS and Rails
