rod mclaughlin


Rails security flaw (11 jan 13)

http://www.securityweek.com/ruby-rails-releases-extremely-critical-security-fixes-–-exploit-code-en-route

Some of my apps are Rails 2, some 3, and some 4 beta.
For the Rails 2 apps, I put a Ruby file in config/initializers/ containing this line:

    ActionController::Base.param_parsers.delete(Mime::XML)

and this line

    ActionDispatch::ParamsParser::DEFAULT_PARSERS.delete(Mime::XML)

for the Rails 3 and 4 beta apps.

See

https://github.com/pdxrod/.../spec/rockonruby/config/initializers/rpgsecurityfix.rb
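
An added example, not the code from the linked file: one initializer that applies whichever of the two lines above fits the running Rails version and then fails boot if the XML parser is still registered. The module name XmlParamsGuard and the file name are hypothetical.

```ruby
# config/initializers/xml_params_guard.rb (hypothetical file name)
# Added example. Assumes, as the two one-liners above do, that Rails 3/4 beta
# keep the parser table in ActionDispatch::ParamsParser::DEFAULT_PARSERS and
# Rails 2 exposes it as ActionController::Base.param_parsers.
module XmlParamsGuard
  module_function

  # Returns [api_name, table] for the running Rails version, or nil.
  # ActionDispatch is checked first so that Rails 3/4 apps do not load
  # ActionController::Base early just to discover it has no param_parsers.
  def parser_table
    if defined?(ActionDispatch::ParamsParser::DEFAULT_PARSERS)
      [:action_dispatch, ActionDispatch::ParamsParser::DEFAULT_PARSERS]
    elsif defined?(ActionController::Base) &&
          ActionController::Base.respond_to?(:param_parsers)
      [:action_controller, ActionController::Base.param_parsers]
    end
  end

  # Removes the XML parser entry. Returns the API it was removed through,
  # or nil when there was nothing to remove (already gone, or no Rails).
  def disable!
    api, table = parser_table
    return nil unless table && defined?(Mime::XML)
    table.delete(Mime::XML) ? api : nil
  end

  # True while request bodies sent as XML would still be parsed into params.
  def xml_registered?
    _api, table = parser_table
    !!(table && defined?(Mime::XML) && table.key?(Mime::XML))
  end
end

XmlParamsGuard.disable!
# Refuse to boot with the workaround silently not in effect.
raise "XML parameter parser is still registered" if XmlParamsGuard.xml_registered?
```

Any other parsers in the table, such as JSON, are left in place.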


