
So I've applied the workaround, which is great, but how do I test that the workaround is indeed working?

I realize that providing an in-depth answer is tantamount to publishing an exploit how-to, but some reasonable way to privately test this would be very useful.

Maybe a "simple" URL tester hosted by a trusted Rails source (e.g. rubyonrails.org)? Ok, has the obvious issue of showing the world who they should target, but maybe you can riff on that theme?

Auditing and stuff you know. For some reason people in charge get really upset when all our base are belong to the bad guys.





