* Apologies for starting a new thread; I just subscribed. Has anyone been able to make this exploit happen if requests are being proxied to Mongrel through Apache? I've been trying variations on the double-encoding thing and can't trigger the exploit through Apache. Hitting Mongrel directly does expose the problem.
I'll still upgrade my servers, of course, but I don't want to send an unnecessary "upgrade now" note to other folks... Thanks, Tom _______________________________________________ Mongrel-users mailing list Mongrel-users@rubyforge.org http://rubyforge.org/mailman/listinfo/mongrel-users