Ruby on Rails users urged to upgrade to new version to fix major security vulnerability

A new version of the Ruby on Rails scripting language has been released, with developers urging users to upgrade to the new version after the discovery of a major security vulnerability.

Ruby on Rails version 3.2.7 fixes a serious security vulnerability, known as CVE-2012-3424, that allows hackers to launch a denial of service attack on web applications using Ruby on Rails’ digest authentication.

Ruby on Rails, along with PHP, is one of the most popular server-side scripting languages for web applications. It also forms the basis of a number of popular content management systems including Radiant, Refinery, Nesta and Locomotive.

Australian SMEs should check with their IT staff about whether they use any content management systems or web applications based on Ruby on Rails, and if so, whether they should go about upgrading them.


Notify of
Inline Feedbacks
View all comments