Ruby on Rails version 3.2.2 fixes two important security flaws


Ruby on Rails, the web app framework, has been updated to version 3.2.2, which addresses two important vulnerabilities and some other bugs. These fixes are unrelated to the recent security issues with GitHub and Rails.

The two cross-site scripting vulnerabilities in the previous version allow attackers to take advantage of improperly sanitised options tag fields and direct manipulation of a SafeBuffer to execute arbitrary HTML in the browser of users visiting a Rails site.

The Rails 3.2.2 update also includes fixes which ensure log files are always flushed and that failing tests will exit with non-zero status codes. It also removes calls to some deprecated methods and includes various Ruby 2.0 compatibility fixes.

Download the latest version from here:
http://rubyonrails.org/download