Hacker News new | past | comments | ask | show | jobs | submit login

Sure thing:

Security announcement: Devise v2.2.3, v2.1.3, v2.0.5 and v1.5.4 released

http://blog.plataformatec.com.br/2013/01/security-announceme...




Upgrade immediately unless you are using PostgreSQL or SQLite3.

So using a real database mitigated the entire issue. Secondly, this security issue doesn't allow you to retrieve every user's password in 8 hours.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: