As does seem to be the custom these days... http://dev.rubyonrails.org/ticket/8432
From the ticket page: > The exception notification plugin doesn't respect filtered > parameters and, as a result, emails can be sent out that contain > some interesting data (*cough* credit card numbers *cough*). > > Attached is a patch (with tests) that uses the controller's param > filtering to make sure emails don't contain any surprises. This fixes a potential security problem for anybody using the ExceptionNotification plugin and processing sensitive information. -- tim --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Core" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/rubyonrails-core?hl=en -~----------~----~----~----~------~----~------~--~---
