ChiliProject - CVE-2013-0156 Security Vulnerability

ChiliProject is not maintained anymore. Please be advised that there will be no more updates.

We do not recommend that you setup new ChiliProject instances and we urge all existing users to migrate their data to a maintained system, e.g. Redmine. We will provide a migration script later. In the meantime, you can use the instructions by Christian Daehn.

CVE-2013-0156 Security Vulnerability

Added by Chris N at 2013-01-10 07:58 am

Hi everyone, I am just wondering what Chiliproject's official recommendation is with regards to the latest Rails security vulnerability: https://groups.google.com/forum/#!topic/rubyonrails-security/61bkgvnSGTQ

Can we safely disable the XML parameter parser as suggested in the notice?

Thanks

Replies (2)

RE: CVE-2013-0156 Security Vulnerability - Added by Felix Schäfer at 2013-01-10 08:33 am

Or you could upgrade to 3.5.0 released yesterday with the updated Rails version http://blog.chiliproject.org/releases/chiliproject-3-5-0-released/

RE: CVE-2013-0156 Security Vulnerability - Added by Chris N at 2013-01-10 08:42 am

Thank you, that is perfect.

(1-2/2)