Katipo Project Survival Kit

Your Ruby is safe with us

11 June 2009

Yesterday a Ruby security vulnerability was announced that affects the Kete software. Katipo has already closed the security hole for all clients that host with us.

Ruby security vulnerabilities are relatively rare (I believe there was one in 2008), but a potential Denial of Service exploit was announced yesterday. A fix was quickly made available and Katipo has already updated all its machines that use Ruby (e.g. sites that use Kete) to take advantage of it.

So if you are a Katipo client that uses Kete, your site has been secured promptly and without incident.

If you are interested in the technical details, or run a Kete site not hosted with Katipo, we've written up a topic for the Kete community at large, with background information and an outline of how to protect your site, here:

http://kete.net.nz/blog/topics/show/279-dos-vulnerability-discovered-in-ruby-fix-available-for-kete-software