Ruby on Rails 3.0.20 and 2.3.16 have been released with one, and only one, “extremely critical security fix”. The problem only affects the Ruby on Rails 3.1.x and 3.2.x branches. The problem is related to the flaw discovered earlier this month, where XML-formatted parameters could include YAML-serialised data which, when deserialised, would create live objects within the server that could be used to exploit it. The backend of the ActiveSupport parser is described as “incredibly naive” in how it converts: text/json requests can be translated into and parsed as YAML.
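The check below is an added example, not code from Rails or from the original article. It shows why routing a text/json body through a YAML parser is a problem: a body that a strict JSON parser rejects can still be valid YAML carrying object tags. The sample bodies, the class name `ExampleAppClass` and the function names are assumptions made for illustration.

```ruby
require 'json'
require 'psych'

# Constructed sample bodies (not from the page). ExampleAppClass is a
# hypothetical class name; it is never loaded or instantiated here.
PLAIN_BODY  = '{"user": {"name": "alice", "admin": false}}'
TAGGED_BODY = '{"user": !ruby/object:ExampleAppClass {"name": "alice"}}'
BROKEN_BODY = '{"user": '

# Collect explicit YAML tags by walking the parse tree only.
# Psych.parse builds AST nodes; it does not deserialise into objects.
def yaml_tags(body)
  doc = Psych.parse(body)
  return [] unless doc

  tags = []
  doc.each { |node| tags << node.tag if node.respond_to?(:tag) && node.tag }
  tags
rescue Psych::SyntaxError
  []
end

# Decide how a text/json request body should be handled.
# Only input accepted by a strict JSON parser is allowed through;
# anything else is rejected, and YAML tags are reported for logging.
def classify_body(body)
  JSON.parse(body)
  [:strict_json, []]
rescue JSON::ParserError
  tags = yaml_tags(body)
  [tags.empty? ? :rejected_malformed : :rejected_yaml_tags, tags]
end

if __FILE__ == $PROGRAM_NAME
  [PLAIN_BODY, TAGGED_BODY, BROKEN_BODY].each do |body|
    verdict, tags = classify_body(body)
    puts "#{verdict.to_s.ljust(20)} tags=#{tags.inspect} body=#{body}"
  end
end
```

The tagged body is valid YAML flow syntax but not JSON, so a parser that accepts only JSON never reaches the point where a tag could select a class to instantiate.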