Ruby on Rails vulnerability

Posted: Wed, 9 Jan 2013 01:33 AM UTC
Last Update: Wed, 9 Jan 2013 03:47 AM UTC

If you are running any Ruby on Rails-based websites, please check http://arstechnica.com/security/2013/01/extremely-crtical-ruby-on-rails-bug-threatens-more-than-200000-sites/

You will need to update your server to avoid exploits.

Note: this will not affect most customers, only those who have installed Rails.

If you need us to help, please pop in a support ticket.

The fix is to either a) 'upgrade everything' or b) disable the vulnerable code. The 'upgrade everything' option may cause compatibility issues and can be difficult to revert. Have your Rails developer run a "gem update", then test the changes.

Otherwise, disable the vulnerable code in your app's initialization code. See https://groups.google.com/forum/#!topic/rubyonrails-security/61bkgvnSGTQ/discussion

If you change the initialization code, be sure to commit that change to your version control repository. If you'd like us to make the change, just provide us with the location (directory) of that initialization code and the commands you use to restart Rails on your server. Also provide a URL that we can use to test that your app is working as expected after the update.

Disabling the vulnerable feature is easy enough to revert.  For example, after you run a "gem update"

