The Rails core team has released Ruby on Rails 1.2.6 to address a bug in the fix for session fixation attacks (CVE-2007-5380). The CVE identifier for this new issue is CVE-2007-6077.
To upgrade, run `gem install rails`, set `RAILS_GEM_VERSION` to `'1.2.6'` in `config/environment.rb`, and then run `rake rails:update:configs`.
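To confirm that the version pin from the second step is actually in effect, the following check classifies the contents of a `config/environment.rb` file. It is an added example, not part of the original announcement or of Rails itself; the helper name `rails_pin_status`, the assumed pin-line format, and the rule that any version at or above 1.2.6 counts as fixed are assumptions.

```ruby
require 'rubygems'

# Release named in the announcement as carrying the corrected fix.
FIXED_VERSION = Gem::Version.new('1.2.6')

# Assumed pin format (as written by the Rails 1.x application generator):
#   RAILS_GEM_VERSION = '1.2.5' unless defined? RAILS_GEM_VERSION
PIN_PATTERN = /^\s*RAILS_GEM_VERSION\s*=\s*['"]([^'"]*)['"]/

# Hypothetical helper: classify the text of an environment.rb file.
# Returns [status, version_string_or_nil], where status is one of
# :patched, :outdated, :unpinned or :unparseable.
def rails_pin_status(environment_rb)
  environment_rb.each_line do |line|
    next if line =~ /^\s*#/          # a commented-out pin is not in effect
    match = PIN_PATTERN.match(line)
    next unless match
    raw = match[1]
    return [:unparseable, raw] unless Gem::Version.correct?(raw)
    # Assumption: any release at or above 1.2.6 includes the fix.
    status = Gem::Version.new(raw) >= FIXED_VERSION ? :patched : :outdated
    return [status, raw]
  end
  [:unpinned, nil]                   # no active pin found in this file
end

# Constructed sample inputs, not taken from any real application.
SAMPLES = {
  'old pin'       => "RAILS_GEM_VERSION = '1.2.5' unless defined? RAILS_GEM_VERSION\n",
  'upgraded pin'  => "RAILS_GEM_VERSION = \"1.2.6\"\n",
  'commented pin' => "# RAILS_GEM_VERSION = '1.2.6'\nRails::Initializer.run do |config|\nend\n",
  'garbled pin'   => "RAILS_GEM_VERSION = 'latest'\n"
}

if __FILE__ == $0
  SAMPLES.each do |name, text|
    status, version = rails_pin_status(text)
    puts "#{name}: #{status} #{version}"
  end
end
```

An `:unpinned` or `:unparseable` result means the file alone does not show which Rails version the application loads, so the installed gems and any `vendor/rails` copy need checking separately.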
