Posts tagged "security fix"

Session fixation vulnerability in Devise

There is a vulnerability in Devise source code that allows someone to steal your session through session fixation attacks. Who is affected? This vulnerability is present in all Devise versions, in both 1.0 and 1.1 branches. However, you are only affected if you are using a Active Record ou Memcached or other server persistent session … »