Greetings Fellow JRuby-ists …
latest SQL injection vulnearibilities [CVE-2014-3482] [CVE-2014-3483
affects AR-JDBC as well …
details at Rails forum
https://groups.google.com/forum/#!topic/rubyonrails-security/wDxePLJGZdI
If you’re riding JRuby on Rails with PostgreSQL, it’s strongly
recommended
to update to 1.3.9 !
As a reminder AR-JDBC maintains compatibility with all ActiveRecord 3.x
versions, thus you should not be eligible for those PG range / bit
string
injection attacks in any of those versions with JRuby (even if the Rails
team only fixed this in 3.2), since we use the very same code along side
all Rails versions we run with.
Have a cup of green tea on us and enjoy … <3 Team AR-JDBC