librelist archives

Security problem in default frab installations

From: Daniel Meißner
Date: 2013-06-03 @ 20:57

Hello,

it was discovered that our code base includes a predefined rails secret
token. This behavior is fixed with commit 6e9fb231 [1].

If you run your frab installation with secret token
530abdee46…d7d8e8ce98 it's highly recommended to change that
key:

  $ rake secret
  $ vi config/initializers/secret_token.rb
  → restart frab

Cheers,
  meise

[1] https://github.com/frab/frab/commit/6e9fb231
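
An added example, not part of the original message and not frab's own code: a check for whether an initializer still carries the published token before rotating it as described above. It matches only on the prefix and suffix printed in the announcement, because the middle of the token is elided there; the `Frab::Application` line and the `x` filler are constructed sample input, and the Rails 3 style literal assignment is an assumption.

```ruby
# Added example, not frab's code: flag an initializer that still carries the
# token published in this advisory.
KNOWN_PREFIX = '530abdee46' # as printed in the advisory; the middle is elided there
KNOWN_SUFFIX = 'd7d8e8ce98'

# Assumption: Rails 3 style initializer assigning a quoted literal to secret_token.
# Lines where a '#' precedes the assignment are ignored as comments.
TOKEN_ASSIGNMENT = /^[^#\n]*\bsecret_token\s*=\s*(['"])([^'"]+)\1/

# Constructed sample: the 'x' filler stands in for the elided part of the token.
SAMPLE = "Frab::Application.config.secret_token = " \
         "'#{KNOWN_PREFIX}#{'x' * 108}#{KNOWN_SUFFIX}'\n"

# Return every string literal assigned to secret_token in the given source.
def extract_tokens(source)
  source.scan(TOKEN_ASSIGNMENT).map { |_quote, token| token }
end

def published_token?(token)
  token.start_with?(KNOWN_PREFIX) && token.end_with?(KNOWN_SUFFIX)
end

# :published_token  -> rotate the key as described in the announcement
# :custom_token     -> a literal is present and does not match the published one
# :no_literal_token -> nothing to compare (token loaded from elsewhere, or unset)
def classify(source)
  tokens = extract_tokens(source)
  return :no_literal_token if tokens.empty?
  tokens.any? { |t| published_token?(t) } ? :published_token : :custom_token
end

if __FILE__ == $PROGRAM_NAME
  path = ARGV.first
  if path.nil?
    puts "(constructed sample): #{classify(SAMPLE)}"
  elsif File.file?(path)
    puts "#{path}: #{classify(File.read(path))}"
  else
    warn "#{path}: not a readable file"
  end
end
```

Run it as `ruby check_token.rb config/initializers/secret_token.rb` (the script name is arbitrary). A `:custom_token` result only means the literal differs from the published one.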

Re: [frab] Security problem in default frab installations

From: Daniel Meißner
Date: 2013-06-11 @ 16:56

On Mon, 3 Jun 2013 22:57:20 +0200 "Daniel Meißner" <meise+frab@3st.be>
wrote:
> it was discovered that our code base includes a predefined rails
> secret token. This behavior is fixed with commit 6e9fb231 [1].

The issue was found, investigated, and reported by Sander Bos 
with assistance from Peter Bex. Many thanks to both.

Regards,
  meise