Rails 3.1.2 has been released. This is a patch-level release containing bug fixes and an important security fix.
Possible XSS vulnerability in the translate helper method in Ruby on Rails
There is a vulnerability in the translate helper method which may allow an attacker to insert arbitrary code into a page.
- Versions Affected: 3.0.0 and later, 2.3.X in combination with the rails_xss plugin
- Not Affected: Pre-3.0.0 releases, without the rails_xss plugin, did no automatic XSS escaping, so are not considered vulnerable
- Fixed Versions: 3.0.11, 3.1.2
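A check against the version ranges listed above, added here as an example and not code from the Rails project. It compares per release line, because 3.1.0 sorts above 3.0.11 but is still affected. The function names, the `:unknown` result for release lines the advisory does not list, and the sample lockfile are assumptions made for illustration.

```ruby
require "rubygems" # Gem::Version orders versions numerically (3.0.11 > 3.0.9)

# First fixed release on each release line, as listed in the advisory.
FIXED_BY_LINE = {
  "3.0" => Gem::Version.new("3.0.11"),
  "3.1" => Gem::Version.new("3.1.2")
}.freeze

# Classify one Rails version as :affected, :fixed, :not_affected or :unknown.
def translate_xss_status(version, rails_xss: false)
  v = Gem::Version.new(version)
  line = v.segments.first(2).join(".")
  if v < Gem::Version.new("3.0.0")
    # Pre-3.0 releases only escape automatically with the rails_xss plugin.
    return (line == "2.3" && rails_xss) ? :affected : :not_affected
  end
  fixed = FIXED_BY_LINE[line]
  # Assumption: a release line the advisory does not list is reported as unknown.
  return :unknown if fixed.nil?
  v >= fixed ? :fixed : :affected
end

# Read the resolved rails version (and rails_xss, if bundled) from Gemfile.lock text.
def lockfile_status(lock_text)
  rails = lock_text[/^ {4}rails \(([^)]+)\)$/, 1]
  return :no_rails if rails.nil?
  translate_xss_status(rails, rails_xss: lock_text.match?(/^ {4}rails_xss \(/))
end

# Constructed sample lockfile, not taken from a real application.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: http://rubygems.org/
    specs:
      rails (3.1.1)
        actionpack (= 3.1.1)
      rake (0.9.2.2)
LOCK

puts lockfile_status(SAMPLE_LOCK) if __FILE__ == $PROGRAM_NAME
```

On 2.3.X applications rails_xss is often installed under vendor/plugins rather than through Bundler, so pass `rails_xss: true` explicitly when the lockfile cannot show it.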
Source: http://weblog.rubyonrails.org/