Two new versions of Ruby on Rails have been released today. As well as including a number of bugfixes, they contain fixes for some security issues. The full details of each of the vulnerabilities are available on the rubyonrails-security mailing list. We strongly urge you to update production Rails applications as soon as possible. Rather than post the advisories individually to this blog, I’ll just link to the Google talk archives.
Install the latest version using gem install rails. Or, if you’re using Bundler, edit your Gemfile and run bundle update rails.
Affecting 2.x.x and 3.0.x
Affecting 3.0.x only