February 11, 2013: Rails and JSON Vulnerabilities

Rails and JSON Vulnerability

It was brought to our attention that there is a Rails and JSON Vulnerabilities that are out viahttp://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released/.

What is Engine Yard doing?

We are currently upgrading our products and preparing documentation to help you secure your applications from these JSON vulnerabilities.  As always, it will be recommended to test on a staging environment first.  If you need assistance, please open a support ticket and we will be happy to help.

We will update here once we finalized security documentation specific to the JSON vulnerabilities.