similar to: [Announce] Samba 3.5.10, 3.4.14 and 3.3.16 Security Releases Available

I''m setting up a Paypal IPN listener and need the create action to not use rails'' default CSRF protection. I''ve got that working fine & test it actually works with cucumber (where I''ve turned CSRF back on, since it''s full-stack testing) but would like my controller spec to mention the need for protect_from_forgery :except => [:create] (and fail

Release Announcements --------------------- This is the third release candidate of Samba 3.6.0. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. Major enhancements in Samba 3.6.0 include: Changed security defaults ------------------------- Samba 3.6 has

Release Announcements --------------------- This is the third release candidate of Samba 3.6.0. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. Major enhancements in Samba 3.6.0 include: Changed security defaults ------------------------- Samba 3.6 has

Hi, http://apidock.com/rails/ActionController/RequestForgeryProtection only maintains one CSRF token at a time. When a user visits some site, he gets a new token in the session. He then might open a linked site of the same rails app in a new browser tab (maybe some info he''d like to read), and again he will get a new token. Then he changes to the first tab again and submits a form

Has anybody solved this issue. [ http://rubyforge.org/pipermail/facebooker-talk/2008-April/000552.html ] ? NameError (undefined local variable or method `controller'' for #<LeaveController:0xb7144abc>): /app/controllers/application.rb:24:in `verify_authenticity_token''

=================================================================== "Forgiveness is the economy of the heart... Forgiveness saves the expense of anger, the cost of hatred, the waste of spirits." Hannah More ================================================================== Release Announcements ===================== This is the first release of Samba 3.6.0. Major

=================================================================== "Forgiveness is the economy of the heart... Forgiveness saves the expense of anger, the cost of hatred, the waste of spirits." Hannah More ================================================================== Release Announcements ===================== This is the first release of Samba 3.6.0. Major

Hi all, Sometime, I get the following error in my application: ActionController::InvalidAuthenticityToken in ManageController#site_servers ActionController::InvalidAuthenticityToken I tried to put the code in manage controller between begin ... rescue ... end but it didn''t catch the error. So I tried in the application.rb controller, I put the forgery code between begin ... rescue ...

Hallo, I want to test the csrf protection of my application but forgery protection is not working with jquery ajax request. I have used Unobtrusive Javascript with jquery I have removed the <%= csrf_meta_tag %> so that my application do not include authenticity token. In my view I have the following code $(function () { $(''#alert'').click(function () { $.ajax({

Release Announcements --------------------- Samba 4.0.2, 3.6.12 and 3.5.21 have been issued as security releases in order to address CVE-2013-0213 (Clickjacking issue in SWAT) and CVE-2013-0214 (Potential XSRF in SWAT). o CVE-2013-0213: All current released versions of Samba are vulnerable to clickjacking in the Samba Web Administration Tool (SWAT). When the SWAT pages are integrated into

Release Announcements --------------------- Samba 4.0.2, 3.6.12 and 3.5.21 have been issued as security releases in order to address CVE-2013-0213 (Clickjacking issue in SWAT) and CVE-2013-0214 (Potential XSRF in SWAT). o CVE-2013-0213: All current released versions of Samba are vulnerable to clickjacking in the Samba Web Administration Tool (SWAT). When the SWAT pages are integrated into

Hi, I'm having problems with libvirt crashing after a couple hours when a specific domain monitoring program is running. I have pasted below the following: 1. libvirt version 2. qemu-kvm version 3. OS version 4. Kernel version 5. libvirt status post-crash 6. libvirtd.log (info level dump around crash; too long to post everything so just the beginning and end. UTC) 7. custom.log (on what

Hai, You can very easy upgrade to 3.5.12 on Jessie. Add sid to your sources.list, or better in : /etc/apt/sources.list.d/debian-sid.list Only the deb-src line is needed. Now apt-get update # install dependecies. apt-get build-dep squid # get and build source. apt-get source squid -b if you missing something, get that package first, build it, install it and do above again. !! thing to

> you are better off building the more up to date 3.5 version available > from Stretch/Testing repository. I disagree with this one, use SID and not testing, testing has a longer delay in security updates and coms after unstable. See : https://www.debian.org/security/faq Greetz, Louis > -----Oorspronkelijk bericht----- > Van: squid-users [mailto:squid-users-bounces at

Hi there, I have my first Rails app running and I regularly get the following "logged_exception" error message: "ActionController::InvalidAuthenticityToken" Has anybody an idea what might cause this problem? Could it somehow be a "time out" error (like an "AuthenticityToken" which might expire after a certain time, or something along those lines)? Any

Hello All, I''m a RoR newbiew, trying to experiment with Autocomplete, but I''m having some difficulties. When I start typing in my input box, instead of getting a nice drop down, the styling on my page is getting all out of wack (ie my background colours change, link styling changes, etc) and I''m not seeing any autcompletion data. Here are the steps I''ve taken

Maybe I am grasping the full usage of this protect_from_forgery function, but it does not seem to work for me. Imagine the following: A simple website with a user that needs to log in to do certain stuff and a closed off admin section that only certain users can access that have the is_admin field set to true. So to be clear, my User model has a login, password and is_admin. When displaying the

Newest wanpipe (3.3.16) beta drivers do not compile against dahdi-linux 2.2.0-rc2 which is what you get when you get dahdi-linux-current.tar.gz Anyone have a workaround or patch? Error below ==================== Building modules, stage 2. MODPOST CC /usr/src/wanpipe-3.3.16/patches/kdrivers/wanec/wanec.mod.o LD [M] /usr/src/wanpipe-3.3.16/patches/kdrivers/wanec/wanec.ko make[1]:

Hi all, I stuck a little bit of information on CSRF on the wiki (http://wiki.rubyonrails.com/rails/show/HowToAvoidCrossSiteRequestForgery) and created a "Security Concerns" page from the home page (http://wiki.rubyonrails.com/rails/show/Security+Concerns) - it would be good to have a single point of information for all know security holes and fixes (even if they aren''t Rails

Hi, I have to enable batch uploads to my website with CURL and forgery protection in ApplicationController is standing in my way. I do use the restful authentication plugin and I do call login_required on all actions. Should I keep forgery protection around? Forgery protection only makes sure that the client request has originated from client''s session, right? Is there anything else