aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/actionpack.gemspec
diff options
context:
space:
mode:
authorGreg Campbell <gregc@twitter.com>2014-07-09 11:33:09 -0700
committerGreg Campbell <gregc@twitter.com>2014-07-09 11:37:19 -0700
commit4003a5bd76ece6d5273e00bf9f468fbdcf9ce1d6 (patch)
tree2d1628444e02656f6c52a5f030c1ff3d4f7ff2aa /actionpack/actionpack.gemspec
parent4c34ad37b2e15731ecf22686fa98755ca0c4757e (diff)
downloadrails-4003a5bd76ece6d5273e00bf9f468fbdcf9ce1d6.tar.gz
rails-4003a5bd76ece6d5273e00bf9f468fbdcf9ce1d6.tar.bz2
rails-4003a5bd76ece6d5273e00bf9f468fbdcf9ce1d6.zip
Address CVE-2014-4671 (JSONP Flash exploit)
Adds a comment before JSONP callbacks. See http://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/ for more details on the exploit in question.
Diffstat (limited to 'actionpack/actionpack.gemspec')
0 files changed, 0 insertions, 0 deletions
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-19 15:48:49 +0000