
Episode #121 - October 19, 2010

Nathaniel Bibler and Gregg Pollack

Phusion Passenger 3.0.0, Rails accepts_nested_attributes_for vulnerability, ARel 2.0, Slim, RFID, Fog, TinyTDS, and more on this episode of Ruby5.

This episode is sponsored by Top Ruby Jobs. Everyone deserves to love their job (and it's probably in Ruby).

  • Top Ruby Jobs
  • Passenger 3.0.0
  • Rails Vulnerability
  • tag-it
  • Timeliness
  • Slim
  • Tiny TDS
  • Fog
  • ARel 2.0
  • Ruby5

Security Vulnerability in Nested Attributes code in Ruby on Rails 2.3.9 and 3.0.0

Late last week, a vulnerability was identified in Rails which affects versions 2.3.9 and 3.0.0. Specifically, it affects the ActiveRecord accepts_nested_attributes_for call. It allows an attacker to modify the form data transmitted back to your application in a way that may cause corruption or modification of other records in your database. The Rails Core team has released versions 2.3.10 and 3.0.1 to fix the problem. You are encouraged to update as soon as possible, now that this is a known threat.

May 21st, 2013

Easier rules for class structure, ProMotion for RubyMotion, JSON APIs in Rails 4, concurrency with Futuroscope, ActiveRecord help via Searchlight, and internationalization with haml-i18n-extractor.

May 17th, 2013

Today's episode covers a major release for minitest, some JSON standards work, a tutorial on tagging with ActiveRecord and Postgres (plus an arduino to trigger the spray paint can), a RubyMotion tutorial and a little thing called CoVim that will blow your mind.

May 14th, 2013

From multi to native json, JoyBox hits 1.0, ContextValidations and FormObjects, teaching kids at KidsCodeCamp, Plataformatec gems, tab navigation with Tabulous 2 and Git Real 2 online course.

May 10th, 2013

Manage access via GitHub organizations, RubyMotion 2.0, Sidekiq Pro 1.0, deprecating `::`, under the hood of Ruby's method dispatch, and the reform gem all in this episode of Ruby5.