Tag: mail
Ruby on Rails updates fix security holes
by on Feb.12, 2011, under Ruby and Rails
The Ruby on Rails developers have released version 2.3.11 and 3.0.4 of Ruby on Rails which are maintenance and security updates that address four security vulnerabilities in the open source web framework. According to the developers, the latest updates address a cross-site scripting (XSS) vulnerability in the mail_to helper when used with the :encode => :javascript option, as well as a cross-site request forgery (CSRF) vulnerability that could allow an attacker to circumvent built-in protections. All versions up to and including 2.3.10 and 3.0.3 are said to be affected.
Two vulnerabilities which only affect the 3.0.x branch of Ruby on Rails have also been corrected; an SQL injection issue with the limit() method and a weakness in the file-system filtering code. The developers strongly advise all users to update to the latest versions as soon as possible.
More details about the security updates can be found in a post on the Ruby on Rails blog by Michael Koziarski. Users can install the latest version using the gem install rails or update with gem update rails. Patches for existing versions are also available. however, at the time of this posting, the project’s homepage still shows version 3.0.3 and 2.3.8 as the latest updates. Rails is released under the MIT licence.
See also:
- Potential XSS Problem with mail_to :encode => :javascript, Ruby on Rails security advisory.
- CSRF Protection Bypass in Ruby on Rails Options, Ruby on Rails security advisory.
- Filter Problems on Case-Insensitive Filesystems, Ruby on Rails security advisory.
- Potential SQL Injection in Rails 3.0.x, Ruby on Rails security advisory.
(crve)
<a href="http://www.h-online.com/security/news/item/Ruby-on-Rails-updates-fix-security-holes-1187641.htmltag:news.google.com,2005:cluster=http://www.h-online.com/security/news/item/Ruby-on-Rails-updates-fix-security-holes-1187641.htmlThu, 10 Feb 2011 15:53:53 GMT 00:00″>Ruby on Rails updates fix security holes
Repeated Routine Server Maintenance Freezes Mail?
by on Feb.10, 2011, under Server Maintenance
On both XP (desktop) and Vista (laptop) I repeatedly receive the message, “due to routine server maintenance Yahoo! Mail must now reload.” This freezes my Mail, forcing me to reboot my ISP (Firefox). anyone else have this problem?
Self Hosting Questions?
by on Jul.31, 2010, under Server Maintenance
Hello,
I plan to host a small development website from a desktop computer, and have a few questions about doing so. first off, which HTTP server should I use (e.g. Apache, lighttpd, etc.)? Second, which OS should I run for this server? I have heard Ubuntu Server Edition and Debian are good, but I could do with some opinions. Third, what are good mail and FTP servers?
Thanks a lot in advance!
