Forum: JRuby [ANN] AR-JDBC 1.3.9 (Active Record SQL Injection Vulnerabilities Affecting PostgreSQL)

Announcement (2017-05-07): is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see and for other Rails- und Ruby-related community platforms.
Caa2df9372ffa0a9e95b2bab1e8fea34?d=identicon&s=25 Karol Bucek (Guest)
on 2014-07-07 11:53
(Received via mailing list)
Greetings Fellow JRuby-ists ...

latest SQL injection vulnearibilities [CVE-2014-3482] [CVE-2014-3483
affects AR-JDBC as well ...
details at Rails forum!topic/rubyonrail...

If you're riding JRuby on Rails with PostgreSQL, it's strongly
to update to **1.3.9** !

As a reminder AR-JDBC maintains compatibility with all ActiveRecord 3.x
versions, thus you should not be eligible for those PG range / bit
injection attacks in any of those versions with JRuby (even if the Rails
team only fixed this in 3.2), since we use the very same code along side
all Rails versions we run with.

Have a cup of green tea on us and enjoy ... <3 Team AR-JDBC
This topic is locked and can not be replied to.