Monday
Oct152007
Rails 1.2.5 security release
Monday, October 15, 2007 at 10:38AM There is another security release which addresses once again the to_json vulnerability. It now has a CVE. If you used to_json in a page you generate:
<script type="text/javascript">
var customers = <%= @customers.to_json %>;
</script>
var customers = <%= @customers.to_json %>;
</script>
you should upgrade to 1.2.5. Besides it fixes some bugs from 1.2.4.




Reader Comments (1)
bfquzyj wsqcxf ykelbvc nzxqrgts qsby tdvmhw hdte