Establishing Digital Trust: Don't Sacrifice Security for Convenience
For the third time this month, the developers of Ruby on Rails have released an update to patch a serious vulnerability.
"Ruby on Rails has had a bit of a tough go of it on the security front to start off 2013," writes Threatpost's Christoher Brook. "A SQL injection vulnerability affected all builds of the framework earlier this month that could’ve let an attacker inject code into web apps. While that was quickly patched, another problem with the framework emerged a few days later. Bugs surfaced that could have affected the way Ruby on Rails parses some parameters."