-
Notifications
You must be signed in to change notification settings - Fork 1.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CVE-2015-3225 #894
Comments
Based on: https://groups.google.com/forum/#!topic/ruby-security-ann/gcUbICUmKMc, 1.4.6 is still vulnerable. @tenderlove is that outdated, looks like it was addressed with this commit: 88b067e. |
I wasn't planning on doing a 1.4.6 at the time of the CVE release, but 1.4.6 contains the fixes for |
GUI
added a commit
to NREL/api-umbrella-web
that referenced
this issue
Jun 17, 2015
Rails security updates: http://weblog.rubyonrails.org/2015/6/16/Rails-3-2-22-4-1-11-and-4-2-2-have-been-released-and-more/ Related rack update: rack/rack#894 Moped security updates: mongoid/moped#377
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I know this probably is not the best place for this, but I was hoping to verify whether or not the 1.4.6 release is a working patch against CVE-2015-3225.
The text was updated successfully, but these errors were encountered: