Urgent Mingle Patch Available Now

Suzie Prince
posted this on January 10, 2013 13:35

This week, we learned of several critical issues with the underlying technology (Rails) on which Mingle is built.* Due to the severity of these Rails issues, we have made a priority release available. You can find this release on our website.

If you prefer, you can also patch your existing Mingle instance using the patch and installation instructions attached. The patch works for all supported versions of Mingle.

If your Mingle instance is available from outside of your corporate firewall, we strongly recommend that you disable access immediately and upgrade or apply the patch. You should not bring Mingle back up until the issue is resolved.

If your Mingle instance is not available from outside of your corporate firewall, although the risk is reduced, we still recommend you upgrade or apply this patch immediately.

This is a critical security issue that requires your immediate attention. This vulnerability is easily exploited and 100% repeatable.

If you use a Mingle instance that is hosted by ThoughtWorks, we will apply the fix for you immediately. No further action is needed on your part.

If you have any questions about the security issue, upgrading or applying the patch, please contact Customer Support on our website: http://www.thoughtworks-studios.com/support.

Thank you

- Mingle Team

* Multiple vulnerabilities in parameter parsing in Action Pack (CVE-2013-0156) https://groups.google.com/forum/?hl=en&fromgroups=#!topic/rubyonrails-security/61bkgvnSGTQ

 

Comments latest first

Melissa Doerken
ThoughtWorks Support

Hi everyone,

To keep up to date on related issues, check out our post on the Latest Rails Vulnerability Issues Affecting Mingle.


Thanks,

Melissa

March 27, 2013 10:50

Gautam
Emimusic

The patch didn't work, as it throws a runtime error, as in the attached file.

January 14, 2013 07:08