Closed L2G closed 11 years ago
I have found some CVEs in the (U.S.) National Vulnerability Database that pertain to versions of Rails up to and including version 2.3.15.
It may be sufficient to upgrade to 2.3.17.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0276 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0277 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0333
Thanks for bringing this up, actually with the urgency I'd already done the upgrade on the server without actually submitting the change into github. I'll do that now.
I have found some CVEs in the (U.S.) National Vulnerability Database that pertain to versions of Rails up to and including version 2.3.15.
It may be sufficient to upgrade to 2.3.17.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0276 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0277 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0333