Rails 2.3.9 and 3.0.0 Vulnerability

Security Vulnerability in Nested Attributes code in Ruby On Rails 2.3.9 and 3.0.0

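A vulnerability was discovered in Rails 2.3.9 and 3.0.0.
Apparently it makes it possible to deliberately manipulate form parameters and records.
Reportedly there is no workaround.
An update to Rails 3.0.2 is said to be required, so I gave it a try.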
% sudo gem update rails -v
Updating installed gems
Updating rails
Successfully installed activesupport-3.0.2
Successfully installed activemodel-3.0.2
Successfully installed actionpack-3.0.2
Successfully installed arel-2.0.2
Successfully installed activerecord-3.0.2
Successfully installed activeresource-3.0.2
Successfully installed actionmailer-3.0.2
Successfully installed railties-3.0.2
Successfully installed rails-3.0.2
Gems updated: activesupport, activemodel, actionpack, arel, activerecord, activeresource, actionmailer, railties, rails
Installing ri documentation for activesupport-3.0.2...
Installing ri documentation for activemodel-3.0.2...
Installing ri documentation for actionpack-3.0.2...
Installing ri documentation for arel-2.0.2...
Installing ri documentation for activerecord-3.0.2...
Installing ri documentation for activeresource-3.0.2...
Installing ri documentation for actionmailer-3.0.2...
Installing ri documentation for railties-3.0.2...
Installing ri documentation for rails-3.0.2...
File not found: lib


Verification
% rails -v
Rails 3.0.2
   