The Ruby on Rails stack has been updated to 2.3.17 to fix
various security issues and bugs.
The rails gems have been updated to fix:
- Unsafe Query Generation Risk in Ruby on Rails (CVE-2013-0155)
- Multiple vulnerabilities in parameter parsing in Action Pack (CVE-2013-0156)
- activerecord: SQL Injection (CVE-2012-5664)
- rails: Vulnerability in JSON Parser in Ruby on Rails 3.0 and 2.3 (CVE-2013-0333)
- activerecord: Circumvention of attr_protected (CVE-2013-0276)
- activerecord: Serialized Attributes YAML Vulnerability with Rails 2.3 and 3.0 (CVE-2013-0277)