[Ruby] Major Security Hole Found In Rails
Scott Laird
scott at sigkill.org
Thu Aug 10 14:53:58 PDT 2006

Yeah, fun stuff. I've spit out two Typo releases in the last 24 hours
thanks to this mess.

FWIW, you can work around the bug by removing the default
:controller/:action/:id route from your routes.rb. See
http://bofh.org.uk/articles/2006/08/10/working-round-the-rails-showstopper,
or just upgrade to Rails 1.1.6.

Scott

On 8/10/06, Daevid Vincent <daevid at daevid.com> wrote:
> http://developers.slashdot.org/article.pl?sid=06/08/10/0213259&from=rss
>
> ÐÆ5ÏÐ