A SQL injection vulnerability has been found in ActiveRecord that impacts all versions of Rails:
https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/DCNTNp_qjFM

I have released Hobo 1.3.3 that patches Hobo's vulnerability to this issue. If you are using Hobo 2.0 it is recommended that you upgrade to Rails 3.2.10, although I have also pushed the security patch to GitHub master.

The Hobo fix only impacts Hobo's usage. If you use find_by_ in your own code, you must fix those up yourself by coercing the input (find_by_foo(params[:foo].to_s) for example) or by upgrading to a version of Rails without the vulnerability.

Bryan
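
The coercion advice in the message above, as an added Ruby illustration (not code from the original message, Hobo or Rails). `ToyModel`, `scalar_param` and `strict_scalar_param` are hypothetical names, the params hashes are constructed, and the toy finder is an assumed model of a finder that takes a trailing Hash argument as query options rather than as the value to match.

```ruby
# Hypothetical stand-in for a model with a dynamic finder (not ActiveRecord code).
# Assumption: like the affected finders, it treats a trailing Hash argument
# as query options instead of as the value to look up.
class ToyModel
  ROWS = [{ "id" => 1, "foo" => "alpha" }, { "id" => 2, "foo" => "beta" }].freeze

  def self.find_by_foo(*args)
    options = args.last.is_a?(Hash) ? args.pop : {}
    value = args.first
    { row: ROWS.find { |r| r["foo"] == value }, value: value, options: options }
  end
end

# Coerce a request parameter to a plain String, as the message recommends.
def scalar_param(params, key)
  params[key].to_s
end

# Stricter variant: reject structured input instead of stringifying it.
def strict_scalar_param(params, key)
  value = params[key]
  if value.is_a?(Hash) || value.is_a?(Array)
    raise ArgumentError, "#{key} must be a scalar, got #{value.class}"
  end
  value.to_s
end

# Constructed params: a plain value, and the nested structure a framework
# builds when the client sends a bracketed parameter name such as foo[bar]=baz.
PLAIN  = { foo: "alpha" }.freeze
NESTED = { foo: { "bar" => "baz" } }.freeze

if __FILE__ == $PROGRAM_NAME
  raw     = ToyModel.find_by_foo(NESTED[:foo])
  coerced = ToyModel.find_by_foo(scalar_param(NESTED, :foo))
  puts "uncoerced: value=#{raw[:value].inspect} options=#{raw[:options].inspect}"
  puts "coerced:   value=#{coerced[:value].inspect} options=#{coerced[:options].inspect}"
end
```

With the uncoerced call the client-supplied structure arrives in `options`; after `.to_s` it is only ever a string value that matches no row.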
