Well, here's a vulnerability that's not widespread (yet) and the author's 
released the info in public after being told by the Rails core team that 
it's up to the libraries to fix this:

http://www.phenoelit.org/blog/archives/2013/02/05/mysql_madness_and_rails/

Since not a lot of people are talking about this vulnerability on the 
Twitterverse I assume many of you haven't come across it either.

I've verified that the exploit works, so if you are affected I suggest you 
patch your apps immediately (`to_s` on your relevant param would do).

-Fred
