From 8fa1235c2734a921b633cde498318dbafa959284 Mon Sep 17 00:00:00 2001 From: Dallas Taylor Date: Tue, 28 Apr 2009 12:40:06 +0100 Subject: changed sentence --- railties/guides/source/security.textile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/railties/guides/source/security.textile b/railties/guides/source/security.textile index 7b93fa7561..875c4ae6e5 100644 --- a/railties/guides/source/security.textile +++ b/railties/guides/source/security.textile @@ -967,7 +967,7 @@ Transfer-Encoding: chunked Content-Type: text/html -Under certain circumstances this would present the malicious HTML to the victim. However, this seems to work with Keep-Alive connections, only (and many browsers are using one-time connections). But you can't rely on this. _(highlight)In any case this is a serious bug, and you should update your Rails to version 2.0.5 or 2.1.2 to eliminate Header Injection (and thus response splitting) risks._ +Under certain circumstances this would present the malicious HTML to the victim. However, this only seems to work with Keep-Alive connections (and many browsers are using one-time connections). But you can't rely on this. _(highlight)In any case this is a serious bug, and you should update your Rails to version 2.0.5 or 2.1.2 to eliminate Header Injection (and thus response splitting) risks._ h3. Additional Resources -- cgit v1.2.3
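Review bot: In the reworded "+" line, "But you can't rely on this." still has an unclear referent. It follows the parenthetical about browsers using one-time connections, so "this" could mean either the attack needing Keep-Alive or browsers not using Keep-Alive. Suggest spelling it out, for example "But you can't rely on browsers not using Keep-Alive connections.", so that readers do not take the Keep-Alive condition as a mitigation in place of the upgrade to 2.0.5 or 2.1.2 that the highlighted sentence asks for. While touching the sentence, "many browsers are using one-time connections" would read better as "many browsers use one-time connections". The subject "changed sentence" also does not say which sentence or why; naming the response splitting paragraph of the security guide would make the commit easier to find in the log.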