Rails Gets Security Updates
Versions 2.3.14, 3.0.10 and 3.1.0RC6 patch several vulnerabilities.
Versions 2.3.14, 3.0.10 and 3.1.0RC6 of Ruby on Rails were recently released.
"An SQL Injection vulnerability in quote_table_name affects the 2.3.x, 3.0.x and 3.1 versions of Rails," The H Security reports. "Rails 3.x was affected by the filter skipping vulnerability that allowed attackers to 'render a view they should not have access to.' A response splitting issue which allowed attackers to inject HTTP headers into responses only affected Rails 2.3.x."
"An XSS vulnerability in the strip_tags helper affected Rails 3.0.x, 2.3.x and 3.1 release candidates," the article states. "Another XSS vulnerability in the escaping function of Rails affected the same versions but only when running in Ruby 1.8.x."
Go to "Rails gets updates for critical issues in all versions" to read the details.