Rails 2ç³»ã™ã¹ã¦ã®ãƒ–ランãƒã«è„†å¼±æ€§ã€Ruby 1.9ユーザã¯ã‚¢ãƒƒãƒ—ã‚°ãƒ¬ãƒ¼ãƒ‰æ³¨æ„ | エンタープライズ | マイコミジャーナルRuby on Rails 4æ—¥(米国時間)ã€Ruby on Railsã®2ç³»ã™ã¹ã¦ã®ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã«XSSã®è„†å¼±æ€§ãŒã‚ã‚‹ã“ã¨ãŒRiding Rails: XSS Vulnerability in Ruby on Railsã«ãŠã„ã¦ç™ºè¡¨ã•ã‚ŒãŸã€‚特定ã®Unicodeæ–‡å—列を使ã£ã¦ãƒã‚§ãƒƒã‚¯ã‚’ããり抜ã‘ã€ä»»æ„ã®HTMLã‚’é€ã‚Šè¾¼ã¾ã‚Œã‚‹å±é™ºæ€§ãŒã‚る。ãªãŠRuby 1.9ç³»ã§å‹•ä½œã—ã¦ã„るアプリケーションã¯ã“ã®å½±éŸ¿ã‚’å—ã‘ãªã„。ãã‚Œãžã‚Œã®ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã«å¯¾ã™ã‚‹ãƒ‘ッãƒã¯æ¬¡ã®ã¨ãŠã‚Šã€‚ 2-0-CVE-2009-3009.patch - Patch for 2.0 series 2-1-CVE-2009-3009.patch - Patch for 2.1 series 2-2-CVE-2009-3009.patch - Patch for 2.2 series 2-3-CVE-2009-3009.patch - Pa
{{#tags}}- {{label}}
{{/tags}}