Sunday, June 30, 2013

Security fix for Ruby, BitNami apps updated

A new version of Ruby that includes a patch for the security vulnerability CVE-2013-4073 (Hostname check bypassing vulnerability in SSL client) has recently been released. We want to let BitNami users know that all our Ruby-based application installers for Linux and Mac OS X, virtual machines and cloud images have already been updated:

 - New versions of Redmine, GitLab, Discourse, Radiant, Typo, Spree and Ruby stack have been released with the latest Ruby 1.9.3-p448.
 - Gitorious has been published with the latest Ruby 1.8.7-p374.
 - Our cutting-edge Ruby Development stack with Rails 4.0 and Ruby 2.0.0-p247 has been released too.

Our installers for Windows will also be updated as soon as the Ruby version for Windows is published.

For more details about this security issue, please check the information provided by the official Ruby blog. This issue is not as serious as other vulnerabilities that were discovered early in the year, but as a precautionary measure, we recommend that you upgrade the applications to their latest versions. Just to be on the safe side, we will also be removing older versions of the apps from Amazon, Azure and other repositories, to prevent end users from inadvertently launching insecure versions of these apps.