This week, we learned of several critical issues with the underlying technology (Rails) on which Mingle is built.* Due to the severity of these Rails issues, we have made a priority release available. You can find this release on our website.
If you prefer, you can also patch your existing Mingle instance using the attached patch and installation instructions. The patch works for all supported versions of Mingle.
If your Mingle instance is available from outside of your corporate firewall, we strongly recommend that you disable access immediately and upgrade or apply the patch. You should not bring Mingle back up until the issue is resolved.
If your Mingle instance is not available from outside of your corporate firewall, the risk is reduced, but we still recommend that you upgrade or apply this patch immediately.
This is a critical security issue that requires your immediate attention. This vulnerability is easily exploited and 100% repeatable.
If you use a Mingle instance that is hosted by ThoughtWorks, we will apply the fix for you immediately. No further action is needed on your part.
If you have any questions about the security issue, upgrading, or applying the patch, please contact Customer Support on our website: http://www.thoughtworks-studios.com/support.
- Mingle Team
* Multiple vulnerabilities in parameter parsing in Action Pack (CVE-2013-0156) https://groups.google.com/forum/?hl=en&fromgroups=#!topic/rubyonrails-security/61bkgvnSGTQ