A total of five vulnerabilities have been identified

Dec 4, 2013 07:42 GMT

Versions 3.2.16 and 4.0.2 of Ruby on Rails have been released to address a number of important security issues. Users are advised to update their installations as soon as possible.

Four of the vulnerability fixes are common to both releases. The list includes an unsafe query generation risk caused by an incomplete fix for an older bug, reflected cross-site scripting (XSS) in the internationalization component of Ruby on Rails, XSS in the number_to_currency helper, and a denial-of-service (DoS) issue in Action View.

In addition to these problems, an XSS vulnerability in the simple_format helper has been addressed in Rails 4.0.2.

Kevin Reintjes, Toby Hsieh of SlideShare, Ankit Gupta, Peter McLarnan of Matasano Security, and Sudhir Rao have reported the security holes.

Additional technical details and workarounds for each of the flaws have been made available.

You can download Ruby on Rails from Softpedia’s Scripts section.