Published onJanuary 25, 2013Security Vulnerability Found in Heroku and Rails form_tagrailssecurityresponsible-disclosureI discovered and responsibly disclosed a vulnerability in the way that Heroku uses form_tag