Slashdot Mirror


All Ruby On Rails Versions Suffer SQL Injection Flaw

Trailrunner7 writes with the news as posted at Threatpost (based on this advisory) that "All of the current versions of the Ruby on Rails Web framework have a SQL injection vulnerability that could allow an attacker to inject code into Web applications. The vulnerability is a serious one given the widespread use of the popular framework for developing Web apps, and the maintainers of Ruby on Rails have released new versions that fix the flaw, versions 3.2.10, 3.1.9 and 3.0.18. The advisory recommends that users running affected versions, which is essentially anyone using Ruby on Rails, upgrade immediately to one of the fixed versions, 3.2.10, 3.1.9 or 3.0.18. The vulnerability lies specifically in the Ruby on Rails framework, and its presence doesn't mean that all of the apps developed on vulnerable versions are susceptible to the bug."

2 of 81 comments

  1. LOL by Anonymous Coward · Score: -1, Flamebait

    Don't trust Rubyists when you need security. That involves "low-level details" that they can't be arsed to learn. They're more concerned with how productively they are chunking out the code, not with its quality or security.

  2. this is why Ruby sucks by Anonymous Coward · Score: -1, Flamebait

    Ruby and RoR designers are arrogant enough to think all other stable frameworks are bad and lessons learned should be ignored. They have a bad case of not-invented-here syndrome. So hipsters and libtards of the software world, enjoy this steaming pile.