FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

rails -- multiple vulnerabilities

Affected packages
rubygem-actionpack < 3.2.22.2
rubygem-actionpack4 < 4.2.5.2
rubygem-actionview < 4.2.5.2
rubygem-rails < 3.2.22.2
rubygem-rails4 < 4.2.5.2

Details

VuXML ID 5a016dd0-8aa8-490e-a596-55f4cc17e4ef
Discovery 2016-02-29
Entry 2016-03-06

Ruby on Rails blog:

Rails 4.2.5.2, 4.1.14.2, and 3.2.22.2 have been released! These contain the following important security fixes, and it is recommended that users upgrade as soon as possible.

References

CVE Name CVE-2016-2097
CVE Name CVE-2016-2098
URL http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/
URL https://groups.google.com/d/msg/rubyonrails-security/ddY6HgqB2z4/we0RasMZIAAJ
URL https://groups.google.com/d/msg/rubyonrails-security/ly-IH-fxr_Q/WLoOhcMZIAAJ