Rails 2.0.5: Security fixes

Posted by David October 19, 2008 @ 10:08 PM

Time for another small security fix for Rails 2.0.x. The 2.0.5 release contains just two changes: a backport of the offset/limit sanitization fix for Active Record, and a fix for header injection when user-contributed strings are passed to redirect_to (see Response Splitting for more information).

As always, you can install with:
gem install rails --version 2.0.5
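
The header-injection problem mentioned above, shown as an added example (this is not code from Rails or from the 2.0.5 patch, and rejecting the input is only one possible mitigation). The function names and the sample target are hypothetical and constructed for illustration.

```ruby
# Added example, not Rails source. All names below are hypothetical.
CRLF = "\r\n"

# Constructed sample: a "URL" from user input that carries a CR/LF pair
# followed by text shaped like a second header.
CONSTRUCTED_TARGET = "http://example.com/#{CRLF}Set-Cookie: session=injected"

# Unsanitized builder: copies the target verbatim into the Location header,
# so any CR/LF in it ends the header line early.
def build_redirect_unsafe(target)
  "HTTP/1.1 302 Found#{CRLF}" \
  "Location: #{target}#{CRLF}" \
  "Content-Length: 0#{CRLF}#{CRLF}"
end

# Hardened builder: refuses a target containing CR or LF before it can
# reach the header block.
def build_redirect_safe(target)
  if target =~ /[\r\n]/
    raise ArgumentError, "CR/LF in redirect target"
  end
  build_redirect_unsafe(target)
end

# Reads the response the way a client would: everything up to the first
# blank line is headers; returns the header names in order.
def header_names(raw_response)
  head = raw_response.split(CRLF + CRLF, 2).first
  head.split(CRLF).drop(1).map { |line| line.split(":", 2).first }
end

if __FILE__ == $0
  # The client sees three headers although the application set only two.
  p header_names(build_redirect_unsafe(CONSTRUCTED_TARGET))
  begin
    build_redirect_safe(CONSTRUCTED_TARGET)
  rescue ArgumentError => e
    puts "rejected: #{e.message}"
  end
end
```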

Posted in Releases | 4 comments

Comments

  1. Matt on 19 Oct 22:23:

    I think it should be “gem install rails --version 2.0.5” instead of “gem install rails --version 2.0.4”

  2. Rodrigo on 19 Oct 22:51:

    What about Rails 2.1.1? Is it fixed already?

  3. Koz on 20 Oct 06:42:

    @Matt: Nice catch, fixed.

    @Rodrigo: 2.1.2 will be released shortly; we’re just waiting on some feedback on some gem-related changes.
