CSRF Protection Bypass in Ruby on Rails
There is a vulnerability in Ruby on Rails which could allow an attacker to circumvent the CSRF protection provided. This vulnerability has been assigned the CVE Identifier CVE-2011-0447. Versions Affected: 2.1.0 and above Not affected: Applications which don’t use the built in CSRF protection. Fixed Versions: 3.0.4, 2.3.11 Impact Certain combinations of browser plugins and HTTP redirects can be us
Rails for Zombies
This morning my team over at Envy Labs released a free online tutorial called Rails for Zombies. The website combines screencasts with in-browser coding to provide an interactive learning experience teaching the basics of Ruby on Rails. Learning Rails for the first time should be fun, and Rails for Zombies allows you to get your feet wet without any setup or configuration. At the moment the applic
Rails Has Great Documentation
To this day I still hear people complain that Rails has poor documentation. From where I’m sitting this seems far from the truth. Let me lay out the evidence piece by piece: RailsTutorial.org To learn Rails from scratch Michael Hartl recently finished his book Ruby on Rails Tutorial: Learn Rails by Example. The book teaches Rails 3 from the ground up and it’s available for FREE online. If you’d ra
Rails 3.0: Release candidate 2
The release candidate process is progressing as planned. This second candidate has very few changes over the first, which means that unless any blockers are discovered with this release, we’re targeting the final release of Rails 3.0 for this week(!!!). So please do help us weed out any blockers. Especially in our two new main dependencies: Bundler and ARel. They’ve both progressed into release ca
Ruby on Rails: Rails 3 Screencasts
In this first episode we cover the new command line options for Rails and the new Action Dispatch component. Action Dispatch contains a new syntax for routing which is even more concise and readable. Watch Video or download: Quicktime HD | iPhone/iPod The production of this screencast was sponsored by New Relic. Rails 3 ships with Bundler, a Ruby library that makes Dependency Management a painless
Ruby on Rails 2.3.8 Released
The 2.3.7 release slipped out the door too hastily. Fixing compatibility with the rails_xss plugin inadvertently forced everyone to use it. Facepalm. I apologize for wasting a chunk of your day on installing what ought to have been a patch-level update only to find it breaks your app. That’s well out of line with our stable release process and it’s my fault for stepping out of it. I got caught up
Ruby Hero Awards 2010
It’s that time again to take a moment to think about those people who have impacted Ruby community but have not received the recognition they deserve. We have given away twelve awards in the past two years at Railsconf, and this year we are preparing to give away six more. But we need your help. So, if you know someone who has contributed to our community this year please take a moment to show som
Rails and the Enterprise
If you have been in the Rails community for a little while, you have more than likely noticed the love/hate relationship that is entertained by the community vis-à-vis the Enterprise. Some people hate the enterprise and publicly tell it to go f*ck itself (49:39), on the other hand, these same people are also proud to mention that some major players in the industry use Ruby and Rails. The truth is
Introducing Rails Metal
Rails Edge adopted Rack a while back and we’ve been exploring ways to expose that better. The first thing we did was to make it really easy to hook up any piece of Rack middleware in front of a Rails request. In your config/environment.rb file, you can do: config.middlewares.use(Rack::Cache, :verbose => true) This will make your application use Ryan Tomayko’s excellent Rack::Cache middleware for b
1
リリース、障害情報などのサービスのお知らせ
最新の人気エントリーの配信
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
