Cross-posted from the ShareSecret blog.
Earlier today the Rails team pushed new versions to patch three security vulnerabilities:
CVE-2019-5...
I think we need more breakdowns that use this type of "in your face. Here's how urgent this is" language for security patches. Not in place of the technical details, but preferably in addition to.
As someone that's involved with Rails to the extent of 'maybe I installed it at some point', this article was easy to follow. Great write-up!
Hey thanks, I appreciate it, and I agree! There are so many security updates, and it's easy to pass over them when you read the headline.
Rails development mode RCE is a bad one depending on your network layout. A development server can quickly become a pivot point to internal networks if the network is not well segmented.
Yea, that's a great point. I'll update the post with a blurb about that.
Hey, thanks Alex for sorting out security issues that matter from the noise - will start following your posts!