It appears that the same fix has been applied to 2.3.15. Is that correct? Thanks
On Thursday, January 3, 2013 3:16:39 PM UTC+2, Hongli Lai wrote:
> This article explains how the vulnerability works, how it is triggered and what the facts are:
> http://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts/
>
> On Wednesday, January 2, 2013 10:28:36 PM UTC+1, Aaron Patterson wrote:
>> Rails versions 3.2.10, 3.1.9, and 3.0.18 have been released. These releases contain an important security fix. It is recommended that **all users upgrade immediately**.
>>
>> The security identifier is CVE-2012-5664, and you can read about the issue [here](add link).
>>
>> For other changes in each particular release, please see the CHANGELOG corresponding to that version. For all commits in each release, please follow the links below:
>>
>> * [Changes in 3.2.10](https://github.com/rails/rails/compare/v3.2.9...v3.2.10)
>> * [Changes in 3.1.9](https://github.com/rails/rails/compare/v3.1.8...v3.1.9)
>> * [Changes in 3.0.18](https://github.com/rails/rails/compare/v3.0.17...v3.0.18)
>>
>> We're sorry to drop a release like this so close to the holidays but regrettably the exploit has already been publicly disclosed and we don't feel we can delay the release.
>>
>> To that end, we've minimized the number of changes in each release so that upgrading should be as smooth as possible.
>>
>> Happy Holidays!
>>
>> <3<3<3
>>
>> --
>> Aaron Patterson
>> http://tenderlovemaking.com/