Monday, October 15, 2007

Rails 1.2.5 security release

This is another security release, which once again addresses the to_json vulnerability. The issue now has a CVE. If you use to_json in a page you generate, like this:

<script type="text/javascript">
var customers = <%= @customers.to_json %>;
</script>
 
you should upgrade to 1.2.5. It also fixes some bugs from 1.2.4.
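
The pattern above writes serialized data straight into an inline script element, so the encoder's output has to be safe for the HTML parser as well as valid JSON. The following is an added example, not code from Rails or from this post: it uses Ruby's standard json library, a hypothetical helper named json_for_script, and constructed sample data to show a check for that context and one way to escape for it.

```ruby
require "json"

# Characters that are legal inside a JSON string but are significant to the
# HTML parser (<, >, &) or to older JavaScript engines (U+2028, U+2029) when
# the JSON is written into an inline <script> element.
SCRIPT_UNSAFE = {
  "<" => '\u003c', ">" => '\u003e', "&" => '\u0026',
  "\u2028" => '\u2028', "\u2029" => '\u2029'
}.freeze
SCRIPT_UNSAFE_RE = /[<>&\u2028\u2029]/

# Hypothetical helper, not a Rails API: serialise to JSON, then swap the
# characters above for \uXXXX escapes. They only occur inside JSON strings,
# so the result parses to exactly the same data.
def json_for_script(value)
  JSON.generate(value).gsub(SCRIPT_UNSAFE_RE, SCRIPT_UNSAFE)
end

# Mirrors the template in the post, with the JSON already rendered.
def inline_script(json)
  %(<script type="text/javascript">\nvar customers = #{json};\n</script>)
end

# Check: a correctly embedded block contains exactly one end tag.
def script_end_tags(html)
  html.scan(%r{</script}i).length
end

# Constructed sample data standing in for @customers.
CUSTOMERS = [
  { "name" => "Ann </script><p>text from a customer record</p>",
    "note" => "R&D\u2028second line" }
].freeze

if __FILE__ == $PROGRAM_NAME
  { "JSON.generate" => JSON.generate(CUSTOMERS),
    "json_for_script" => json_for_script(CUSTOMERS) }.each do |label, json|
    puts "#{label}: #{script_end_tags(inline_script(json))} end tag(s)"
  end
end
```
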
