author: Dallas Taylor <dallastaylor@gmail.com> 2009-04-28 12:40:06 +0100
committer: Dallas Taylor <dallastaylor@gmail.com> 2009-04-28 14:14:03 +0100
commit: 8fa1235c2734a921b633cde498318dbafa959284
tree: 11920b29d6ae364652bdddf1c293bdee21b0269f
parent: 24b78dfcd0d8446fa43a4ebadb558509409e72d8
changed sentence
-rw-r--r-- railties/guides/source/security.textile 2
1 files changed, 1 insertions, 1 deletions
diff --git a/railties/guides/source/security.textile b/railties/guides/source/security.textile
index 7b93fa7561..875c4ae6e5 100644
--- a/railties/guides/source/security.textile
+++ b/railties/guides/source/security.textile
@@ -967,7 +967,7 @@ Transfer-Encoding: chunked
Content-Type: text/html
</plain>
-Under certain circumstances this would present the malicious HTML to the victim. However, this seems to work with Keep-Alive connections, only (and many browsers are using one-time connections). But you can't rely on this. _(highlight)In any case this is a serious bug, and you should update your Rails to version 2.0.5 or 2.1.2 to eliminate Header Injection (and thus response splitting) risks._
+Under certain circumstances this would present the malicious HTML to the victim. However, this only seems to work with Keep-Alive connections (and many browsers are using one-time connections). But you can't rely on this. _(highlight)In any case this is a serious bug, and you should update your Rails to version 2.0.5 or 2.1.2 to eliminate Header Injection (and thus response splitting) risks._
h3. Additional Resources
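Review bot: In the reworded paragraph, "But you can't rely on this" still has an unclear antecedent: after moving "only", "this" can be read as the attack working, as the Keep-Alive limitation, or as browsers using one-time connections. Since the security point is that the Keep-Alive limitation is not a defence, say so directly, for example "But you can't rely on this limitation to protect you." The parenthetical "many browsers are using one-time connections" would also read better as "many browsers use one-time connections". The commit message "changed sentence" does not say which sentence or why; something like "security guide: fix placement of 'only' in response splitting paragraph" would make the history searchable.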