Try Engine Yard for your Rails app
START A FREE TRIALFree Download
"Top 10 Advantages of Platform-as-a-Service"
Should you DIY your app deployment & maintenance or hand it off?
Subscribe to the Engine Yard blog for expert Rails tips!
Nginx Security Vulnerability: SSL Man in the Middle Attack
A security vulnerability in all versions of nginx (as well as several other web servers) has been reported. Attackers can exploit this vulnerability by intercepting SSL sessions and compromising encryption key renegotiation via a plaintext injection, allowing the attacker to read the plaintext of the SSL session. A patch has been released for this vulnerability.
Engine Yard customers have already been contacted via email about this issue. For Engine Yard Cloud customers, this patch will be automatically applied the next time you perform a deploy. All other customers should open a support ticket so that you can arrange an appropriate maintenance window with support.
Share your thoughts with @engineyard on Twitter