Skip to content
PLAY VIDEO PLAY VIDEO PLAY VIDEO
By Mikel Lindsaar

Five new Ruby on Rails security alerts

Today the Rails core team announced 5 security alerts.

Here is a full list with versions affected so you know if your app needs updating.

CVE-2013-6416 XSS Vulnerability in simple_format helper

  • Versions Affected: 4.0.0 & 4.0.1
  • Not affected: Versions prior to 4.0
  • Fixed Versions: 4.0.2

CVE-2013-6417 Incomplete fix to CVE-2013-0155 (Unsafe Query Generation Risk)

  • Versions Affected: All.
  • Not affected: None
  • Fixed Versions: 4.0.2 & 3.2.16

CVE-2013-4491 Reflective XSS Vulnerability in Ruby on Rails

  • Versions Affected: 3.0.6 and all later versions.
  • Not affected: 3.0.5 and earlier 3.0.x versions.
  • Fixed Versions: 4.0.2, 3.2.16.

CVE-2013-6414 Denial of Service Vulnerability in Action View

  • Versions Affected: 3.0.0 and all later versions
  • Not affected: 2.3.x
  • Fixed Versions: 4.0.2, 3.2.16

CVE-2013-6415 XSS Vulnerability in number_to_currency

  • Versions Affected: All.
  • Fixed Versions: 4.0.2, 3.2.16.

If you are able to upgrade your Rails app, going to 3.2.16 or 4.0.2 will apply all the patches you need to handle these security issues.

We are already busy applying the fixes these alerts to all of our Sentinel Ruby on Rails support clients, if you need help with your application, or want to have these sorts of things just taken care of for your Ruby on Rails application, please get in touch.

Regards,

Mikel Lindsaar reInteractive

Latest Articles by Our Team

Our expert team of designers and developers love what the do and enjoy sharing their knowledge with the world.

We Hire Only the Best

reinteractive is Australia’s largest dedicated Ruby on Rails development company. We don’t cut corners and we know what we are doing.

We are an organisation made up of amazing individuals and we take pride in our team. We are 100% remote work enabling us to choose the best talent no matter which part of the country they live in. reinteractive is dedicated to making it a great place for any developer to work.

Free Community Workshops

We created the Ruby on Rails InstallFest and Ruby on Rails Development Hub to help introduce new people to software development and to help existing developers hone their skills. These workshops provide invaluable mentorship to train developers, addressing key skills shortages in the industry. Software development is a great career choice for all ages and these events help you get started and skilled up.

  • Webinars

    Webinars

    Webinars are our online portal for tips, tricks and lessons learned in everything we do. Make the most of this free resource to help you become a better developer.

    Learn more about webinars

  • Installfest

    Installfest

    The Ruby on Rails Installfest includes a full setup of your development environment and step-by-step instructions on how to build your first app hosted on Heroku. Over 1,800 attendees to date and counting.

    Learn more about Installfest

  • Development Hub

    Development Hub

    The Ruby on Rails Development Hub is a monthly event where you will get the chance to spend time with our team and others in the community to improve and hone your Ruby on Rails skills.

    Learn more about Development Hub

Get the “reinteractive Review” Monthly Email