-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Sorry, somehow screwed up the GPG signature on my first announcement.
* Vulnerability in the JSON gem (CVE-2013-0269): https://groups.google.com/forum/?fromgroups#!topic/rubyonrails-security/4_YvCpLzL58[1] * Vulnerabilities in Rails (CVE-2013-0276, CVE-2013-0277): https://groups.google.com/forum/?fromgroups#!topic/rubyonrails-security/AFBKNY7VSH8[2] https://groups.google.com/forum/?fromgroups#!topic/rubyonrails-security/KtmwSbEpzrU[3] All users should upgrade their server immediately. * Releases We have just released Gitorious v2.4.8, which resolves these issues. * Workarounds If you're unable to upgrade to the latest released version of Gitorious, you may try manually upgrading Rails. This will only work if you are already running a fairly recent version of Gitorious (2.4.x). Do this by setting the Rails version to 2.3.17 in top of the file called Gemfile. Similarly, update the version number found on the top of config/environment.rb. Then do `bundle update rails` and restart your application server. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) iQEcBAEBAgAGBQJRGhb3AAoJEKwDTN/JAKQJroMH/jqygFvz3NteqfUpyXg0Fqz4 ksOxf5H//7WlwsCbnesPzFdRSrQe3Xxn2sloEMDD/MyiYQki5lcIlNIchQiC8XMC gNAUiaSwIgyNzmZM5uZyy75C9qVXpDLR24crCn0JSownMlK9Ga4vrNpa8NIBKdMk suY/jowTCZCTskvvk6+vMeKeOQWXuq0RZMkerL5boC3HUc7h33uErK4Nrlr6NphJ VICDV8BA/1EL1h2mOXBdEW6F1sazYYMGij+JQ2jtHCI8ru2ED1WQ5xmSnt02QHIu 4sT8ptb3O+ohvGG/LCCBl7sGQAP0OB+eCIfSKjcMPqn0IRzcQ86GjaRf42C7Suk= =e7n2 -----END PGP SIGNATURE----- -- -- To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] --- You received this message because you are subscribed to the Google Groups "Gitorious" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
