-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 * Vulnerability in the JSON gem (CVE-2013-0269): https://groups.google.com/forum/?fromgroups#!topic/rubyonrails-security/4_YvCpLzL58
* Vulnerabilities in Rails (CVE-2013-0276, CVE-2013-0277): https://groups.google.com/forum/?fromgroups#!topic/rubyonrails-security/AFBKNY7VSH8 https://groups.google.com/forum/?fromgroups#!topic/rubyonrails-security/KtmwSbEpzrU All users should upgrade their server immediately. * Releases We have just released Gitorious v2.4.8, which resolves these issues. * Workarounds If you're unable to upgrade to the latest released version of Gitorious, you may try manually upgrading Rails. This will only work if you are already running a fairly recent version of Gitorious (2.4.x). Do this by setting the Rails version to 2.3.17 in top of the file called Gemfile. Similarly, update the version number found on the top of config/environment.rb. Then do `bundle update rails` and restart your application server. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) iQEcBAEBAgAGBQJRGhT/AAoJEKwDTN/JAKQJE+IIAImj7e+tHCBPbSIrmkAvvT3x uqwR6owx3uV0WV1Ylx4AH/9ObN5BOT/2HIywCaFtvb15+mKIoXpHK0ojjEZYMxw7 jNqL74qCvcHY8lZQuKpRgtCFit23MZYzS4iGjrtPFXiiYy0RZxcMsAgLBAK/sn2X qSWIwk6W3sBkMBcRwkxO9whJ96rwuavNCulhgZsz3HSlWaIlKm1a0TpRBRBMphVg wbvK6Mcc5G8xDl6i2GRwi1BJD/HAirB9gSvkrIDQzUkmAHu+92Qmuw4NXBvNxakC VIpcD+SjKb5qTct3y1SxiRSvkKfashXXqNDb4xh0O2RxqX2zkS6uqK1lNgQEcXw= =QPgs -----END PGP SIGNATURE----- -- -- To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] --- You received this message because you are subscribed to the Google Groups "Gitorious" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
