Friday February 8, 2013 7:39am PST / 3:39pm UTC
We have now added a Security Forums section so please follow the link here to subscribe (must be logged in):
The following article has been posted:
It was brought to our attention that there have been two recent Rack vulnerabilities via http://rack.github.com/.
- Affected Versions: All Previous Versions
- Fixed Versions: 1.1.6, 1.2.8, 1.3.10, 1.4.5, 1.5.2
- Versions affected: All versions after 1.4.0
- Versions fixed: 1.4.5, 1.5.2
Check your Gemfile and Gemfile.lock for vulnerable versions of rack, and if you are using one, update it immediately.
You can update it by running "bundle update rack".
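One way to run the Gemfile.lock check described above, as an added example that is not part of the original announcement: it reads the resolved rack version from a lockfile and compares it with the fixed releases listed above. The helper names, the `:unlisted` result for series newer than the ones listed, and the sample lockfile are assumptions of this example.

```ruby
require "rubygems" # Gem::Version (loaded by default on modern Ruby)

# Fixed releases per minor series, copied from the advisory above.
FIXED = {
  "1.1" => "1.1.6", "1.2" => "1.2.8", "1.3" => "1.3.10",
  "1.4" => "1.4.5", "1.5" => "1.5.2"
}.freeze

# Constructed sample lockfile, used when no Gemfile.lock is present.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      rack (1.4.1)
      rack-test (0.6.2)
        rack (>= 1.0)

  DEPENDENCIES
    rack
    rack-test
LOCK

# Return the resolved rack version from Gemfile.lock text, or nil.
# Resolved gems are indented four spaces under "specs:"; dependency
# constraints (six spaces) and names such as "rack-test" do not match.
def locked_rack_version(lock_text)
  m = lock_text.match(/^ {4}rack \(([^)\s]+)\)\s*$/)
  m && m[1]
end

# Classify a version as :fixed, :vulnerable or :unlisted. Series newer
# than the advisory lists are reported as :unlisted rather than guessed.
def rack_status(version)
  v = Gem::Version.new(version)
  series = v.segments.first(2).join(".")
  oldest_fix = FIXED.values.map { |f| Gem::Version.new(f) }.min
  if FIXED.key?(series)
    v >= Gem::Version.new(FIXED[series]) ? :fixed : :vulnerable
  elsif v < oldest_fix
    :vulnerable # older series with no fixed release listed above
  else
    :unlisted
  end
end

if __FILE__ == $PROGRAM_NAME
  path = ARGV[0] || "Gemfile.lock"
  text = File.exist?(path) ? File.read(path) : SAMPLE_LOCK
  version = locked_rack_version(text)
  puts version ? "rack #{version}: #{rack_status(version)}" : "rack not found in lockfile"
end
```

Versions are compared with `Gem::Version` rather than as strings, so 1.3.10 correctly sorts after 1.3.9.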