Rails security updates released: 2.3.18, 3.1.12, 3.2.13

1 point

13 years ago

This release includes security updates for three issues:

1. [CVE-2013-1855] XSS vulnerability in sanitize_css in Action Pack [1]

2. [CVE-2013-1856] XML Parsing Vulnerability affecting JRuby users [2]

3. [CVE-2013-1857] XSS Vulnerability in the `sanitize` helper of Ruby on Rails [3]

[1] https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/4_QHo4BqnN8 [2] https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/KZwsQbYsOiI [3] https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/zAAU7vGTPvI