Thursday, January 31, 2013

New security fix for Rails 2.3.x. Applications updated on BitNami

A new Rails security issue that affects older versions of Rails (2.3.x and 3.0.x) was recently announced. This is a vulnerability in the JSON parser code for Ruby on Rails which allows attackers to bypass authentication systems, inject arbitrary SQL, or inject and execute arbitrary code.

We have released RubyStack 1.8, Redmine 1.4.x, Radiant, Gitorious and Tracks with the latest Rails v2.3.16 that fixes this issue. Note that if you are using an application that ships Rails 3.2.11, it is not affected by this issue.

We are also removing older versions of BitNami Rails apps that are published on the Windows Azure and Amazon Cloud catalog and marketplace and that may be vulnerable to these security issues.

For more details about these security issues, please check the information provided in the official Ruby on Rails blog. If you have already installed a version of these applications, please make sure that you update your environment or apply the appropriate patches.