Ruby on Rails vulnerability

Posted: Wed, 9 Jan 2013 01:33 AM UTC
Last Update: Wed, 9 Jan 2013 03:47 AM UTC
Status: Closed

If you are running any Ruby on Rails based websites, please check http://arstechnica.com/security/2013/01/extremely-crtical-ruby-on-rails-bug-threatens-more-than-200000-sites/

You will need to update your server to avoid exploits.

Note: this will not affect most customers, only those who have installed Rails.

If you need us to help, please pop in a support ticket.

The fix is to either a) 'upgrade everything' or b) disable the vulnerable code.  The 'upgrade everything' option may cause compatibility issues and can be difficult to revert.  Have your Rails developer run a "gem update", then test the changes.

Otherwise, disable the vulnerable code in your app's initialization code.  See https://groups.google.com/forum/#!topic/rubyonrails-security/61bkgvnSGTQ/discussion

If you change the initialization code, be sure to commit that code change to your version control repository.  If you'd like us to make that change, just provide us the location / directory of that initialization code and the commands you use to restart Rails on your server.  Also provide a URL that we can use to test that your app is working as expected after the update.

Disabling the vulnerable feature is easy enough to revert.  For example, after you run a "gem update"
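To see which applications on a server bundle Rails, and whether the upgrade described above has taken effect, the added example below (not part of the original notice) reads each app's Gemfile.lock and compares the locked Rails version with a minimum fixed release per series. The function names, the sample lockfile and the command-line form are assumptions for illustration; the minimum versions must be supplied from the advisory linked above.

```ruby
require "rubygems"

# CONSTRUCTED sample lockfile for illustration; not taken from a real app.
SAMPLE_LOCK = <<LOCK
GEM
  remote: https://rubygems.org/
  specs:
    rails (3.2.10)
      railties (= 3.2.10)
    railties (3.2.10)

DEPENDENCIES
  rails (= 3.2.10)
LOCK

# Return the Rails version locked in a Gemfile.lock's text, or nil when the
# app does not bundle Rails. Resolved gems are indented exactly four spaces
# under "  specs:"; deeper lines are dependency constraints, not versions.
def locked_rails_version(lock_text)
  in_specs = false
  lock_text.each_line do |line|
    if line =~ /\A  specs:\s*\z/
      in_specs = true
    elsif in_specs && (m = line.match(/\A {4}rails \(([^)\s]+)\)\s*\z/))
      return m[1]
    elsif line =~ /\A\S/
      in_specs = false # new top-level section such as DEPENDENCIES
    end
  end
  nil
end

# patched maps a release series ("3.2") to the minimum fixed version for it.
# Those values are NOT on this page; take them from the advisory.
def rails_status(lock_text, patched)
  found = locked_rails_version(lock_text)
  return :no_rails if found.nil?
  version = Gem::Version.new(found)
  minimum = patched[version.segments.first(2).join(".")]
  return :unsupported_series if minimum.nil?
  version >= Gem::Version.new(minimum) ? :patched : :needs_update
end

# Hypothetical usage: ruby rails_inventory.rb /var/www 3.2=<fixed> 3.1=<fixed>
if __FILE__ == $PROGRAM_NAME && ARGV[0]
  patched = Hash[ARGV.drop(1).map { |pair| pair.split("=", 2) }]
  Dir.glob(File.join(ARGV[0], "**", "Gemfile.lock")).sort.each do |path|
    puts "#{rails_status(File.read(path), patched)}\t#{path}"
  end
end
```

An app reported as `unsupported_series` is on a release line for which no fixed version was supplied, so it needs a manual decision rather than a plain "gem update".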
