A dynamic, open source programming language with a focus on simplicity and productivity. It has an elegant syntax that is natural to read and easy to write.
There is a DoS vulnerability in the REXML library used by Rails to parse incoming XML requests. A so-called "XML entity explosion" attack technique can be used for remotely bringing down (disabling) any application which parses user-provided XML. Most Rails applications will be vulnerable to this attack.
Posted by Shugo Maeda on 23 Aug 2008
Ruby 1.8.7-p72 and 1.8.6-p287 have been released. The last releases were incomplete, and the new releases include fixes of the previously announced vulnerability of dl.
The released source archives are available at:
Posted by Shugo Maeda on 11 Aug 2008
