Two new versions of Ruby On Rails have been released today. As well as including a number of bugfixes they contain fixes for some security issues. The full details of each of the vulnerabilities are available on the rubyonrails-security mailing list. We strongly urge you to update production Rails applications as soon as possible. Rather than post the advisories individually to this blog, I’ll just link to the google talk archives.
Install the latest version using . Or, if you’re using Bundler, edit your Gemfile and run .
Affecting 2.x.x and 3.0.x
- CSRF Bypass Risk CVE-2011-0447
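For readers who want to see what a CSRF check actually has to enforce, here is an added stand-alone sketch of the synchronizer-token pattern. It is not Rails' own code (none of `protect_from_forgery`, `form_authenticity_token` or the patched verification logic is used), and the `CsrfGuard` class, the hash-based session and request stand-ins, and the `csrf_demo` helper are all constructed for this illustration. The point it demonstrates is that every state-changing request must carry the session's token, compared in constant time, and that nothing the client controls in the request can exempt it from that check.

```ruby
require "securerandom"

# Added illustration of the synchronizer-token pattern that CSRF protection
# relies on. This is a stand-alone sketch, not Rails' implementation.
class CsrfGuard
  # Requests with these methods must not change state, so they carry no token.
  SAFE_METHODS = %w[GET HEAD].freeze

  # session: a Hash standing in for the server-side session store (constructed).
  def initialize(session)
    @session = session
  end

  # Mint the per-session secret once; forms and XHR helpers embed it.
  def token
    @session[:csrf_token] ||= SecureRandom.hex(32)
  end

  # request: { method:, params:, headers: }, a constructed stand-in for a Rack request.
  # Every non-safe request must present the session token; nothing the client
  # controls (content type, X-Requested-With, etc.) exempts it from the check.
  def verified?(request)
    return true if SAFE_METHODS.include?(request[:method].to_s.upcase)

    expected = @session[:csrf_token]
    submitted = request.fetch(:params, {})["authenticity_token"] ||
                request.fetch(:headers, {})["X-CSRF-Token"]
    return false if expected.nil? || submitted.nil?

    secure_equal?(expected, submitted.to_s)
  end

  private

  # Constant-time comparison so a token cannot be recovered byte by byte via timing.
  def secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Run a few constructed requests through the guard and return the verdicts
# (true = request may proceed, false = reject before touching state).
def csrf_demo
  session = {}
  guard = CsrfGuard.new(session)
  good = guard.token

  {
    get_without_token:    guard.verified?({ method: "GET",  params: {}, headers: {} }),
    post_with_form_token: guard.verified?({ method: "POST", params: { "authenticity_token" => good }, headers: {} }),
    post_with_xhr_header: guard.verified?({ method: "POST", params: {}, headers: { "X-CSRF-Token" => good } }),
    post_no_token_xhr:    guard.verified?({ method: "POST", params: {}, headers: { "X-Requested-With" => "XMLHttpRequest" } }),
    post_wrong_token:     guard.verified?({ method: "POST", params: { "authenticity_token" => "0" * 64 }, headers: {} }),
  }
end

p csrf_demo if $PROGRAM_NAME == __FILE__
```

Running the file prints the five verdicts: the GET and the two POSTs carrying the real token pass, while the POST that only sets an XHR-style header and the POST with a wrong token are both rejected. The `X-Requested-With` case is the one worth studying when reviewing any CSRF guard: a request attribute the browser or attacker page can set must never be treated as proof of origin.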
Affecting 3.0.x only