Lädt...


🔧 🚨 New Rails Versions Released: Addressing ReDoS Vulnerabilities 🚨


Nachrichtenbereich: 🔧 Programmierung
🔗 Quelle: dev.to

The Rails community has recently released Rails versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, addressing critical ReDoS (Regular Expression Denial of Service) vulnerabilities. If you are using Ruby 3.1 or earlier versions, it's crucial to upgrade to mitigate these security risks.

🚨 Key Issues Resolved:

  • CVE-2024-47887 - Possible ReDoS vulnerability in HTTP Token authentication within Action Controller.
  • CVE-2024-41128 - Possible ReDoS vulnerability in query parameter filtering in Action Dispatch.
  • CVE-2024-47888 - Possible ReDoS vulnerability in plain_text_for_blockquote_node within Action Text.
  • CVE-2024-47889 - Possible ReDoS vulnerability in block_format within Action Mailer.

💡 Why Should You Upgrade?

Ruby 3.1 is approaching end of life for security support, which means these vulnerabilities specifically affect applications running on Ruby versions below 3.2. By upgrading your Rails version, you're not only patching critical vulnerabilities but also ensuring your application remains secure and optimized for performance.

  • Rails 8.0.0.beta1 and newer releases are unaffected by these issues since they require Ruby 3.2+.
  • Many developers still use older Rails versions that may be vulnerable—upgrading to the latest releases ensures you have vital security coverage.

📈 What Does This Mean for Your Application?

  • Risk for Older Ruby Versions: If you're still on Ruby 3.1, it's time to upgrade to Ruby 3.2 or higher. Ruby 3.2 provides stronger protections against ReDoS attacks and improves overall security.

  • Extended Maintenance for Rails 6.1: The Rails team has extended support for Rails 6.1 by releasing 6.1.7.9, despite earlier plans to end maintenance. This extension gives teams running older versions time to transition smoothly.

Rails 6.1.7.9 and newer versions provide critical patches and help you secure your application from ReDoS vulnerabilities. Don't delay upgrading!

🚀 What Should You Do Next?

If your application is running on Ruby 3.1 or an earlier Rails version, now is the time to upgrade to the latest Rails releases to protect your application from these vulnerabilities. Ensuring that your application is updated guarantees better security and performance in the long term.

Need assistance with your upgrade process? I'm here to help! Let's work together to get your applications running on the latest Rails versions, keeping them safe and high-performing.

...

🔧 🚨 New Rails Versions Released: Addressing ReDoS Vulnerabilities 🚨


📈 67.58 Punkte
🔧 Programmierung

🕵️ Internet Bug Bounty: ReDoS (Rails::Html::PermitScrubber.scrub_attribute)


📈 29.21 Punkte
🕵️ Sicherheitslücken

🔧 Transaction Safety in Rails: Identifying and Addressing Non-Atomic Interactions


📈 26.05 Punkte
🔧 Programmierung

🕵️ GitHub Security Lab: CodeQL query for finding ReDoS and Regex Injection vulnerabilities in Java


📈 22.48 Punkte
🕵️ Sicherheitslücken

🔧 Supercharge Your Rails Development: A Deep Dive into Vite-Rails and React Integration


📈 22.36 Punkte
🔧 Programmierung

🔧 Rails Designer v1.4 introduces: Beautiful Layouts for Your Rails App


📈 22.36 Punkte
🔧 Programmierung

🔧 Rails Designer v1.4 introduces: Beautiful Layouts for Your Rails App


📈 22.36 Punkte
🔧 Programmierung

🔧 Identify unused Routes in Ruby on Rails before Rails 7.1 and with 7.1


📈 22.36 Punkte
🔧 Programmierung

🔧 🚀Ruby on Rails for beginners: build an online store with Rails


📈 22.36 Punkte
🔧 Programmierung

🕵️ Low CVE-2020-36190: Rails admin project Rails admin


📈 22.36 Punkte
🕵️ Sicherheitslücken

🕵️ Low CVE-2017-12098: Rails admin project Rails admin


📈 22.36 Punkte
🕵️ Sicherheitslücken

🕵️ Ruby on Rails 3.0/4.0 rails-html-sanitizer Cross Site Scripting


📈 22.36 Punkte
🕵️ Sicherheitslücken

🕵️ Ruby on Rails 3.0/4.0 rails-html-sanitizer Cross Site Scripting


📈 22.36 Punkte
🕵️ Sicherheitslücken

🕵️ Ruby on Rails 3.0/4.0 rails-html-sanitizer Cross Site Scripting


📈 22.36 Punkte
🕵️ Sicherheitslücken

🕵️ Ruby on Rails 3.0/4.0 rails-html-sanitizer Cross Site Scripting


📈 22.36 Punkte
🕵️ Sicherheitslücken

🕵️ Ruby on Rails 3.0/4.0 rails-html-sanitizer Cross Site Scripting


📈 22.36 Punkte
🕵️ Sicherheitslücken

🔧 Rails Designer v1.8: Ready for Rails 8 🫶


📈 22.36 Punkte
🔧 Programmierung

🕵️ Ruby on Rails 3.0/4.0 rails-html-sanitizer Cross Site Scripting


📈 22.36 Punkte
🕵️ Sicherheitslücken

🔧 How to continue to use Rails.application.secrets in Rails >= 7.2


📈 22.36 Punkte
🔧 Programmierung

🔧 How to continue to use Rails.application.secrets in Rails >= 7.2


📈 22.36 Punkte
🔧 Programmierung

🐧 Why do most people use Windows versions of software rather than Mac OS versions on Linux.


📈 21.99 Punkte
🐧 Linux Tipps

🕵️ Wireshark 3.0.4 Released – Several Vulnerabilities are Fixed & Updated Versions of Npcap


📈 21.01 Punkte
🕵️ Hacking

🐧 FreeCAD 1.0 release candidate is now available. Addressing TNP, new UI, new workbench


📈 19.84 Punkte
🐧 Linux Tipps

📰 Pixel's Proactive Approach to Security: Addressing Vulnerabilities in Cellular Modems


📈 19.32 Punkte
📰 IT Security Nachrichten

📰 White House Outlines Plan for Addressing BGP Vulnerabilities


📈 19.32 Punkte
📰 IT Security Nachrichten

🔧 IoT Security Vulnerabilities in Operational Technology: Addressing the Risks


📈 19.32 Punkte
🔧 Programmierung

matomo