Friday, November 18, 2011

Rails 3.1.2 has been released

Rails 3.1.2 has been released. This is a patch-level release containing bug fixes and an important security fix.

Possible XSS vulnerability in the translate helper method in Ruby on Rails

There is a vulnerability in the translate helper method which may allow an attacker to insert arbitrary code into a page.
  • Versions Affected: 3.0.0 and later, 2.3.X in combination with the rails_xss plugin
  • Not Affected: Pre-3.0.0 releases, without the rails_xss plugin, did no automatic XSS escaping, so are not considered vulnerable
  • Fixed Versions: 3.0.11, 3.1.2
Please see the rubyonrails-security posting and the changelog item below for more details.
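
A check of a project's Gemfile.lock against the affected and fixed versions listed above, as an added example that is not part of the original announcement or of Rails itself. The function names and the sample lockfile are constructed for illustration, and a rails_xss plugin installed under vendor/plugins rather than as a gem does not appear in a lockfile, so pass `rails_xss: true` yourself in that case.

```ruby
require "rubygems"

# Fixed releases per series, taken from the advisory above.
FIXED = { [3, 0] => Gem::Version.new("3.0.11"),
          [3, 1] => Gem::Version.new("3.1.2") }.freeze

# Classify one Rails version against the advisory.
# rails_xss: true when the rails_xss plugin is installed (only matters for 2.3.x).
def translate_xss_status(version, rails_xss: false)
  v = Gem::Version.new(version)
  series = v.release.segments.first(2) # e.g. "3.1.0.rc1" -> [3, 1]
  # 2.3.x is listed as affected only in combination with rails_xss.
  return (rails_xss ? :affected : :not_affected) if series == [2, 3]
  # Other pre-3.0 releases did no automatic escaping and are not listed.
  return :not_affected if (series <=> [3, 0]) < 0
  fixed = FIXED[series]
  # Assumption: series newer than 3.1 already contain the fix.
  return :fixed if fixed.nil?
  # Prereleases of an affected series are flagged conservatively (assumption).
  v >= fixed ? :fixed : :affected
end

# Read the resolved rails version and rails_xss presence from Gemfile.lock text.
# Resolved specs sit at exactly four spaces of indentation; their dependency
# lines are indented further and are skipped by the pattern.
def check_lockfile(text)
  specs = text.scan(/^ {4}([A-Za-z0-9_.-]+) \(([^)]+)\)$/).to_h
  return :rails_not_found unless specs.key?("rails")
  translate_xss_status(specs["rails"], rails_xss: specs.key?("rails_xss"))
end

# Constructed sample lockfile, not taken from a real project.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: http://rubygems.org/
    specs:
      actionpack (3.1.1)
      rails (3.1.1)
        actionpack (= 3.1.1)
LOCK

puts "rails in sample lockfile: #{check_lockfile(SAMPLE_LOCK)}" if __FILE__ == $0
```
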

 Source: http://weblog.rubyonrails.org/
