Padrino

JSON gem vulnerability

An vulnerability affecting the json gem has been found. A detailed explanation can be found at the Rails security mailing list.

This is not an isolated Rails issue, as it affects a third-party library. It affects all users of the json gem. This gem might be pulled in as a dependency of other libraries in use. You can check whether you application uses the json gem by running:

bundle show

We strongly urge all users of Padrino to upgrade their applications using:

bundle update json

to at least: 1.7.7, 1.6.8, 1.5.5.

Also, never use JSON.load, but JSON.parse, except when you really know what you are doing.

Contribute

Please report any issues you encounter with this release! We are working very actively on Padrino and want to make the framework as stable and reliable as possible. That concludes the changelog for this release. As always if you want to keep up with Padrino updates, be sure to follow us on twitter: @padrinorb, join us on IRC at “#padrino” on freenode, open an issue, or discuss on gitter.


Upgrade Rack immediately

All Rack users, including all Padrino users, should upgrade their Rack dependency as soon as possible. Multiple severe issues have been found, one of them including a potential remote code execution. This is espcially important if you are using Rack::Session::Cookie, which Padrino activates by default. See the Rack website for details.

To upgrade, use:

bundle update rack

And make sure that you installed any of these versions: 1.5.2, 1.4.5, 1.3.10, 1.2.8, 1.1.6.

Contribute

Please report any issues you encounter with this release! We are working very actively on Padrino and want to make the framework as stable and reliable as possible. That concludes the changelog for this release. As always if you want to keep up with Padrino updates, be sure to follow us on twitter: @padrinorb, join us on IRC at “#padrino” on freenode, open an issue, or discuss on gitter.


  • Prev Page
  • Next Page