
Is it possible to update the title of this post to remove the "affecting JRuby users" portion? The current title will give non-JRuby users a false sense of security.



This vulnerability is only applicable to JRuby users who use the JDOM parser. JDOM is not usable on non-JRuby platforms.


CVE-2013-1855 & CVE-2013-1857 are applicable to ALL Ruby users, not just JRuby.


Oh, I read you now. Since the link goes to just the JRuby-related announcement, I'm going to leave it in place for now, but please go ahead and submit the other two (especially the sanitize() one) - the spam filter seems to be upset at me. :)



