Upgrade Rails to Version 3.2.4 due to SQL Injection Vulnerability
Created by: kirantpatil
Hello,
SQL Injection Vulnerability in Ruby on Rails
There is a SQL injection vulnerability in Active Record, version 3.0 and later. This vulnerability has been assigned the CVE identifier CVE-2012-2661.
Versions Affected: 3.0.0 and ALL later versions Not affected: 2.3.14 Fixed Versions: 3.2.4, 3.1.5, 3.0.13
For full story please find the below links, https://groups.google.com/group/rubyonrails-security/browse_thread/thread/7546a238e1962f59?pli=1 http://www.h-online.com/open/news/item/Critical-vulnerability-derails-Ruby-on-Rails-1588773.html
Thanks, Kiran.