That appears to be a different issue. The Phusion post is talking about CVE-2012-5664, but this new one is CVE-2013-0156.
Still, lots of trouble.

Mike

-----Original Message-----
From: Code for Libraries [mailto:CODE4LIB@LISTSERV.ND.EDU] On Behalf Of Patrick Berry
Sent: Wednesday, January 09, 2013 10:06 AM
To: CODE4LIB@LISTSERV.ND.EDU
Subject: Re: [CODE4LIB] Extremely critical Ruby on Rails bug

The Phusion folks did a nice summary write up.

http://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts/#.UOX7xfhdeHG

On Wed, Jan 9, 2013 at 6:27 AM, Ian Walls <iwa...@library.umass.edu> wrote:
> Folks,
>
> I know a lot of you are running Ruby on Rails for various projects;
> just wanted to be sure you saw this critical security issue with all
> versions of Rails:
>
> http://arstechnica.com/security/2013/01/extremely-crtical-ruby-on-rails-bug-threatens-more-than-200000-sites/
>
> In short, the following versions are safe: 3.2.11, 3.1.10, 3.0.19, or
> 2.3.15
>
> Cheers,
>
> -Ian Walls
> Web Services and Emerging Technologies Librarian
> UMass Amherst Libraries