-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Sheldon Hearn wrote: > The good news is, upstream seems to have taken disclosure complaints to > heart, and is now posting security advisories to the > rubyonrails-security Google Group: > > The bad news is, it looks like CVE-2007-3227 is only fixed properly in > rails-1.2.5: > > http://groups.google.com/group/rubyonrails-security/browse_thread/thread/225dcc61aaefad42
Yes, I know. I've been trying to upload it for last week but my GPG key expired and Debian is *really slow* at updating it so I can upload again. Blah. I just made it available on my people.debian.org site. http://people.debian.org/~adamm/packages/ We'll have to see how slow the Debian GPG key-update process actually is.... - -Adam -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHHNNR73/bNdaAYUURAtkOAJ9T/vZnXluYQhXsiLosW6jqYTYyJQCggZPx BBpOta5LpTG25m7xYkE2ORU= =z31l -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
