1 Reply Latest reply on Jun 1, 2013 5:48 AM by Brian Lockhart

    Ruby on Rails vulnerability

    Web Master

      Hi, reading about exploits of January's Ruby on Rails vulnerability:

      http://arstechnica.com/security/2013/01/extremely-crtical-ruby-on-rails-bug-threatens-more-than-200000-sites/

      It seems that these were addressed in Tableau Server 8.0.1 (May 2013).

      However, we're running Tableau Server 7.0.15.  There's a mention of a Ruby on Rails patch in 7.0.14, but it seems to be a JSON parser fix.  The Rails patches in Tableau Server 8.0.1 seem to be XML parser fixes.  It's not clear to me whether the JSON vulnerabilities are related to/same as the XML parser vulnerabilities.  So, the question is, is 7.0.15 fully patched against all Ruby on Rails vulnerabilities?  Or do we need to upgrade to 8.0.1?

      Thanks for your help!