Ruby on Rails released versions 3.2.10, 3.1.9, and 3.0.18 of the software on Wednesday. The vulnerability is located in the framework’s Active Record database query interface. The developers apologized for releasing a security update so close to the holidays, but said they were forced to rush out a patch because the vulnerability had been publicly disclosed. Users of unsupported versions urged to upgrade as soon as possible because the future availability of security fixes for those versions is not guaranteed.”]