Git client vulnerabilities on case-insensitive filesystems: https://github.com/blog/1938-vulnerability-announced-update-your-git-clients
NTPd vulnerabilities announced: http://www.kb.cert.org/vuls/id/852879
OS X and MS Windows users, start by updating your GitHub apps and plugins and then your regular command-line git client. NTP fixes are still pending for most platforms.
SSL certificates can be compromised using a new vulnerability that shipped on currently supported versions of Debian, Ubuntu, CentOS, Fedora, the BSDs, etc. Time to update your servers, regenerate certs and, if you are being rigorous about it, go through the …
A new SQL-injection vulnerability for the new year, this time in an otherwise common and innocuous-looking part of Ruby on Rails’ ActiveRecord:

    Post.find_by_id(params[:id])

It is disappointing that the default ORM in Rails cannot yet safely query by identifier, a task …