johnmckerrell
commented
11 years ago Thanks for bringing this up, actually with the urgency I'd already done the upgrade on the server without actually submitting the change into github. I'll do that now.
Closed L2G closed 11 years ago
johnmckerrell
commented
11 years ago Thanks for bringing this up, actually with the urgency I'd already done the upgrade on the server without actually submitting the change into github. I'll do that now.
I have found some CVEs in the (U.S.) National Vulnerability Database that pertain to versions of Rails up to and including version 2.3.15.
It may be sufficient to upgrade to 2.3.17.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0276 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0277 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0333