Ruby On Rails Releases Fixes For DoS, XSS Vulnerabilities

On 18th March, Ruby on Rails released four new versions along with fixes for a number of vulnerabilities, which could have led to denial-of-service attacks and XSS injections. According to a post on the company’s blog, a total of 4 vulnerabilities were addressed in versions 3.2.13, 3.1.12 and 2.3.18 of Rails. The company wrote, “All versions are impacted by one or more of these security issues.”

The patches address a symbol denial-of-service (DoS) vulnerability (CVE-2013-1854) in an ActiveRecord function and two cross-site scripting vulnerabilities: one in the sanitize helper (CVE-2013-1857) and one in the sanitize_css method in Action Pack (CVE-2013-1855).

According to one of the warnings, an additional XML parsing vulnerability in the JDOM backend of ActiveSupport could also have allowed attackers to perform a denial-of-service attack when using JRuby (CVE-2013-1856), or could have enabled them to gain access to files stored on the app server.

The XSS vulnerabilities in particular could have allowed an attacker to embed a tag containing a URL that executes arbitrary JavaScript code.

Ruby on Rails developers fixed a number of similar issues in Ruby on Rails last month, which also included a YAML issue in ActiveRecord that led to remote code execution.
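To check whether an application is already on one of the fixed releases named above (3.2.13, 3.1.12, 2.3.18), the following added example, which is not code from the Rails project or from the original post, reads the resolved rails version from a Gemfile.lock and compares it within its release series. The function names and the sample lockfile are constructed for illustration.

```ruby
require "rubygems" # provides Gem::Version

# Fixed releases named in the announcement, keyed by release series.
FIXED = {
  "3.2" => Gem::Version.new("3.2.13"),
  "3.1" => Gem::Version.new("3.1.12"),
  "2.3" => Gem::Version.new("2.3.18"),
}.freeze

# Pull the resolved rails version out of Gemfile.lock text.
# Resolved gems sit four spaces deep under "specs:"; dependency lines
# (deeper indentation or a version constraint) are ignored.
def locked_rails_version(lock_text)
  m = lock_text.match(/^ {4}rails \(([^)\s]+)\)\s*$/)
  m && Gem::Version.new(m[1])
end

# Returns :patched, :vulnerable, :unlisted (the announcement names no
# fixed release for this series) or :absent (rails is not in the lockfile).
def rails_status(lock_text)
  version = locked_rails_version(lock_text)
  return :absent unless version

  series = version.segments.first(2).join(".")
  fixed = FIXED[series]
  return :unlisted unless fixed

  version >= fixed ? :patched : :vulnerable
end

# Constructed sample lockfile, trimmed to the relevant entries.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      actionpack (3.2.12)
        activesupport (= 3.2.12)
      rails (3.2.12)
        actionpack (= 3.2.12)

  DEPENDENCIES
    rails (= 3.2.12)
LOCK

puts "rails #{locked_rails_version(SAMPLE_LOCK)}: #{rails_status(SAMPLE_LOCK)}"
```

An `:unlisted` result means the series needs a manual check against the advisories, since the announcement states that all versions are affected by at least one of the issues.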

Components And Platforms For Mobile Application Development

In the era of the latest technologies, mobile applications are becoming more and more popular, being handy and easy to use with the help of the latest gadgets.

People are not only taking full advantage of these gadgets but also profiting in the market by selling a variety of mobile applications. These are safe, user-friendly and easily accessible regardless of geographical location.

Prior to this technology, platforms like Symbian, Windows Mobile and Linux were used for mobile application development, and runtime environments like Mozilla Firefox, Opera Mini and RIM, and virtual machines such as Java/J2ME, BREW and Flash, were used to execute the applications. Now Android and Java are playing a vital role in creative mobile application development environments.

Android is a framework built specifically for mobile devices. It has a well-designed operating system based on Linux, from Google and the Open Handset Alliance.

Day by day it is becoming the hottest, fastest-growing mobile platform in the world for mobile application development. Android is an exceptional platform that allows Android developers to build unique, creative, sophisticated and multitasking applications. On Android smartphones, Android applications can run simultaneously without affecting performance.

Java was not built only for web pages or web application development; it also makes a huge contribution to mobile application development. Using Java, HTML and CSS, a Java developer can build more powerful and faster mobile applications than the older generation of applications written in C. Most smartphone mobile applications are built with J2ME components. J2ME is a popular and widely used platform for wireless phones among the top smartphone manufacturers like BlackBerry, iOS and Android.

Andolasoft is backed by a team with strong analytical skills and solid expertise in mobile application development on various platforms like Android and Java to satisfy your needs. You will get the right help and support from the Andolasoft development team for any kind of mobile application development.