Ruby on Rails receives third security patch in less than a month
Ruby on Rails versions 3.0.20 and 2.3.16 fix an extremely critical remote code execution vulnerability
IDG News Service - Developers of the Ruby on Rails Web development framework released versions 3.0.20 and 2.3.16 of the software on Monday in order to address a critical remote code execution vulnerability.
This is the third security update released in January for Ruby on Rails, an increasingly popular framework for developing Web applications using the Ruby programming language that was used to build websites like Hulu, GroupOn, GitHub, Scribd and others.
The Rails developers described the updates released Monday as "extremely critical" in a blog post and advised all users of the 3.0.x and 2.3.x Rails software branches to update immediately.
The Rails developers pointed out that despite receiving this update, the Rails 3.0.x branch is no longer officially supported. "Please note that only the 2.3.x, 3.1.x and 3.2.x series are supported at present," they said in the advisory.
Users of Rails versions that are no longer supported were advised to upgrade as soon as possible to a newer, supported version, because the continued availability of security fixes for unsupported versions cannot be guaranteed. The newer 3.1.x and 3.2.x Rails branches are not affected by this vulnerability.
This latest Rails vulnerability is identified as CVE-2013-0333 and is different from CVE-2013-0156, a critical SQL injection vulnerability patched in the framework on Jan. 8. The Rails developers stressed that users of Rails 2.3 or 3.0 who previously installed the fix for CVE-2013-0156 are still required to install the new fix released this week.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts