Forum: JRuby [ANN] AR-JDBC 1.3.9 (Active Record SQL Injection Vulnerabilities Affecting PostgreSQL)

Caa2df9372ffa0a9e95b2bab1e8fea34?d=identicon&s=25 Karol Bucek (Guest)
on 2014-07-07 11:53
(Received via mailing list)
Greetings Fellow JRuby-ists ...

latest SQL injection vulnearibilities [CVE-2014-3482] [CVE-2014-3483
affects AR-JDBC as well ...
details at Rails forum!topic/rubyonrail...

If you're riding JRuby on Rails with PostgreSQL, it's strongly
to update to **1.3.9** !

As a reminder AR-JDBC maintains compatibility with all ActiveRecord 3.x
versions, thus you should not be eligible for those PG range / bit
injection attacks in any of those versions with JRuby (even if the Rails
team only fixed this in 3.2), since we use the very same code along side
all Rails versions we run with.

Have a cup of green tea on us and enjoy ... <3 Team AR-JDBC
Please log in before posting. Registration is free and takes only a minute.
Existing account

NEW: Do you have a Google/GoogleMail, Yahoo or Facebook account? No registration required!
Log in with Google account | Log in with Yahoo account | Log in with Facebook account
No account? Register here.