Developers of the Ruby on Rails framework urge users to update their installations as soon as possible after the discovery of several critical vulnerabilities. Last week it was a SQL injection vulnerability in Ruby on Rails, and today comes the disclosure of a series of vulnerabilities that could enable an attacker to compromise vulnerable. Users should upgrade to versions 3.2.11, 3.1.10, 3.0.19 or 2.3.15, which contain fixes for the vulnerabilities. There are some mitigations and workarounds for these vulnerabilities, including disabling XML entirely.
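A quick way to check an application against the fixed releases listed above is to read the resolved Rails version from its `Gemfile.lock`. The script below is an added example, not code from the Rails project or the original article; the helper names and the sample lockfile are constructed for illustration, and a series outside the four named above is reported as unknown rather than guessed.

```ruby
# Fixed releases named in the text above, keyed by release series.
PATCHED = {
  "3.2" => Gem::Version.new("3.2.11"),
  "3.1" => Gem::Version.new("3.1.10"),
  "3.0" => Gem::Version.new("3.0.19"),
  "2.3" => Gem::Version.new("2.3.15"),
}.freeze

# Constructed sample lockfile (not taken from a real application).
SAMPLE_LOCK = <<LOCK
GEM
  remote: https://rubygems.org/
  specs:
    actionpack (3.2.10)
    rails (3.2.10)
      actionpack (= 3.2.10)

DEPENDENCIES
  rails (= 3.2.10)
LOCK

# Resolved gems sit at exactly four spaces of indentation in Gemfile.lock;
# their dependency constraints (six spaces) and the DEPENDENCIES section
# (two spaces) are deliberately not matched.
def locked_rails_version(lockfile_text)
  m = lockfile_text.match(/^ {4}rails \(([^)\s]+)\)\s*$/)
  m && Gem::Version.new(m[1])
end

# Compare a version with the fixed release of its own series.
# Pre-releases such as 3.2.11.rc1 sort below 3.2.11 and count as unpatched.
def rails_status(version)
  series = version.segments.first(2).join(".")
  fixed = PATCHED[series]
  return :unknown_series if fixed.nil?
  version >= fixed ? :patched : :needs_upgrade
end

if __FILE__ == $PROGRAM_NAME
  text = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_LOCK
  version = locked_rails_version(text)
  if version
    puts "rails #{version}: #{rails_status(version)}"
  else
    puts "rails not found in lockfile"
  end
end
```

Pass the path to a `Gemfile.lock` as the first argument to check a real application; with no argument the script evaluates the constructed sample.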
Source: https://threatpost.com/critical-flaws-patched-ruby-rails-010813/77381/

