Upgrade Rails to Version 3.2.4 due to SQL Injection Vulnerability

Created by: kirantpatil

Hello,

SQL Injection Vulnerability in Ruby on Rails

There is a SQL injection vulnerability in Active Record, version 3.0 and later. This vulnerability has been assigned the CVE identifier CVE-2012-2661.

Versions Affected: 3.0.0 and ALL later versions Not affected: 2.3.14 Fixed Versions: 3.2.4, 3.1.5, 3.0.13

For full story please find the below links, https://groups.google.com/group/rubyonrails-security/browse_thread/thread/7546a238e1962f59?pli=1 http://www.h-online.com/open/news/item/Critical-vulnerability-derails-Ruby-on-Rails-1588773.html

Thanks, Kiran.

Admin message

Admin message

Upgrade Rails to Version 3.2.4 due to SQL Injection Vulnerability