28 Jan 2013
Hot on the heels of the recent security problem with YAML, obviously some people figured out how to inject YAML into your JSON when using Rails 2.3 or 3.0 (3.1+ do not seem to be affected). Check out the officai announcement on the rails-security list. Though the announcement is not very specific since it explicitly mentions the injection of a YAML payload into your JSON it is very likely this is just as severe as the recent one. If you're on any of these versions, please upgrade or patch as soon as possible.