The Ruby on Rails team released versions 4.2.5.1, 4.1.14.1, and 3.2.22.1 of the framework last week to address multiple issues in Rails and rails-html-sanitizer, a Ruby gem that sanitizes HTML input. Even though the team released fixes addressing four vulnerabilities in Rails 3.x, it warned that the 4.1.x and 4.2.x series are the only ones under active support and users on older versions should move their applications immediately.
“Users of earlier unsupported releases are advised to upgrade as soon as possible as we cannot guarantee the continued availability of security fixes for unsupported releases,” Aaron Patterson, a well-known Ruby and Rails contributor, wrote in a security advisory.
To read this article in full or to leave a comment, please click here