Patrick, that is not the same vulnerability. That one was fixed by 3.2.10;
the latest vulnerability is fixed by 3.2.11. The more recent vulnerability
is far more serious and can result in arbitrary code execution.

Regards,
Justin Coyne
Data Curation Experts



On Wed, Jan 9, 2013 at 11:06 AM, Patrick Berry <[log in to unmask]> wrote:

> The Phusion folks did a nice summary write up.
>
> http://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts/#.UOX7xfhdeHG
>
> On Wed, Jan 9, 2013 at 6:27 AM, Ian Walls <[log in to unmask]> wrote:
>
> > Folks,
> >
> > I know a lot of you are running Ruby on Rails for various projects; just
> > wanted to be sure you saw this critical security issue with all versions of
> > Rails:
> >
> > http://arstechnica.com/security/2013/01/extremely-crtical-ruby-on-rails-bug-threatens-more-than-200000-sites/
> >
> > In short, the following versions are safe: 3.2.11, 3.1.10, 3.0.19, or
> > 2.3.15
> >
> > Cheers,
> >
> > -Ian Walls
> > Web Services and Emerging Technologies Librarian
> > UMass Amherst Libraries
> >
>