All previous versions are affected by at least one security hole

Mar 20, 2013 08:41 GMT

Ruby on Rails 3.2.13, 3.1.12 and 2.3.18 have been released and, according to the developer, they contain some important security fixes.

The security holes patched in these releases are a symbol denial-of-service (DoS) vulnerability in Active Record, a cross-site scripting (XSS) vulnerability in “sanitize_css” in Action Pack, an XML parsing issue that affects JRuby users, and an XSS flaw in the “sanitize” helper.

The identifiers CVE-2013-1854, CVE-2013-18545, CVE-2013-1856 and CVE-2013-1857 have been assigned to these vulnerabilities.

All previous versions are impacted by at least one of these vulnerabilities, so those who use versions other than the ones named here are advised to download patches from GitHub.

Users are advised to apply the updates as soon as possible.

Ruby on Rails is available for download here