Bug#429177: CVE-2007-3227 only fixed in 1.2.5

2007-10-22 Thread Adam Majer
Sheldon Hearn wrote: > The good news is, upstream seems to have taken disclosure complaints to > heart, and is now posting security advisories to the > rubyonrails-security Google Group: > > The bad news is, it looks like CVE-2007-3227 is only fixed

Bug#429177: CVE-2007-3227 only fixed in 1.2.5

2007-10-22 Thread Sheldon Hearn
On Monday 22 October 2007 14:32:15 you wrote: > Huh? Who said this? We have 1.2.4 but we ship an extra patch > which is not included in 1.2.4 to fix this so I don't see > the point. I wasn't aware of the additional patch you included. Thanks, Sheldon.

Bug#429177: CVE-2007-3227 only fixed in 1.2.5

2007-10-22 Thread Nico Golde
Hi Sheldon, * Sheldon Hearn <[EMAIL PROTECTED]> [2007-10-22 14:22]: > On Monday 22 October 2007 13:58:43 Nico Golde wrote: > > > The bad news is, it looks like CVE-2007-3227 is only fixed properly > > > in rails-1.2.5: > > > > > > http://groups.google.com/group/rubyonrails-security/browse_thread/t

Bug#429177: CVE-2007-3227 only fixed in 1.2.5

2007-10-22 Thread Sheldon Hearn
On Monday 22 October 2007 13:58:43 Nico Golde wrote: > > The bad news is, it looks like CVE-2007-3227 is only fixed properly > > in rails-1.2.5: > > > > http://groups.google.com/group/rubyonrails-security/browse_thread/thread/225dcc61aaefad42 > > Why do you think so? I think so because DHH is

Bug#429177: CVE-2007-3227 only fixed in 1.2.5

2007-10-22 Thread Nico Golde
Hi Sheldon, * Sheldon Hearn <[EMAIL PROTECTED]> [2007-10-22 12:14]: > The good news is, upstream seems to have taken disclosure complaints to > heart, and is now posting security advisories to the > rubyonrails-security Google Group: > > The bad news is, it looks like CVE-2007-3227 is only fixed

Bug#429177: CVE-2007-3227 only fixed in 1.2.5

2007-10-22 Thread Sheldon Hearn
The good news is, upstream seems to have taken disclosure complaints to heart, and is now posting security advisories to the rubyonrails-security Google Group: The bad news is, it looks like CVE-2007-3227 is only fixed properly in rails-1.2.5: http://groups.google.com/group/rubyonrails-secur