I never said this is a security vulnerability in Rails. I said it is a bug (and ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		jtimberman on March 5, 2012 \| parent \| context \| favorite \| on: Github Is Classy I never said this is a security vulnerability in Rails. I said it is a bug (and a serious one). A bug, as you may be aware, is a mistake, fault, failure, problem or other unintended or surprising behavior in software. See updates to my post for some additional clarification. I hope that helps. Thanks for reading!

mofey on March 5, 2012 [–]

"The same user exploited another vulnerability". It wasn't exactly "another vulnerability". It still had to do with the same mass attribute assignment feature just in a different place.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact