=====================================================================
                                    CERT-Renater

                         Information Note No. 2008/VULN325
_____________________________________________________________________

DATE                      : 03/09/2008

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running Rails version 2.0.x.

======================================================================
http://weblog.rubyonrails.org/2008/9/3/rails-2-0-4-maintenance-release
______________________________________________________________________

Rails 2.0.4: Maintenance release

Posted by David September 03, 2008 @ 09:43 AM

Thanks to Git it’s been a lot easier to maintain older branches of the
code base, so we’ve taken the opportunity to backport a bunch of bug
fixes to the 2.0 branch and here’s the release for that.

The only major issue is that we’ve fixed the REXML DoS vulnerability
with a monkey patch that ships in the box. So if you’re on 2.0 and
haven’t dealt with the issue already, you can upgrade to 2.0.4 and get
it fixed.

You can install with: gem install rails --version 2.0.4

======================================================================

           =========================================================
           CERT-Renater reference servers
           http://www.urec.fr/securite
           http://www.cru.fr/securite
           http://www.renater.fr
           =========================================================
           + CERT-RENATER          | tel : 01-53-94-20-44          +
           + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
           + 75013 Paris           | email: certsvp@renater.fr     +
           =========================================================
