Share This Post

News/PR

Security Vulnerability Found in the RubyonRails framework, Heroku Applications Affected

Security Vulnerability Found in the RubyonRails framework, Heroku Applications Affected

A serious security vulnerability was  found today in the Ruby on Rails framework. This exploit affected nearly all applications running Rails including  Heroku’s.

Ruby on Rails issued prompt warning  and announced  that the releases 3.2.11, 3.1.10, 3.0.19, and 2.3.15 contained  two extremely critical security fixes.

The aforementioned  Rails versions were immediately  patched and deemed safe from this exploit. The users were advised to upgrade their version promptly, failing which an attacker could potentially gain access to their application, its data, and run arbitrary code or commands. If you’re one of the concerned users, please check the patched versions below (deemed safe from exploit)  and upgrade immediately.

Heroku was also prompt in taking action and asked its customers to get a full list of their affected Heroku applications by running this script.  If the customer found any affected application, he was advised to upgrade immediately and install the patched versions.  If you’re a Heroku customer, below are the steps to upgrade:

You can read more about the security fixes by following these links:

Heroku recently  resolved  a security vulnerability it was alerted to in December that would allow an attacker to change the password of a pre-existing user account and thus gain control of it. Web security has been a vital issue for the industry as recently EdgeWebHosting partnered with DuoSecutiry to secure remote access by enabling two-factor authentication and SingleHop launched an automated security service for dedicated cloud servers.

About RubyOnRails:
Rails was created in 2003 by David Heinemeier Hansson and has since been extended by the Rails core teammore than 2,100 contributors, and supported by a vibrant ecosystem. To know more, please visit, rubyonrails.org .

Share This Post

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

Skip to toolbar