Rails LTS (<= 4.2) contains a fix for CVE-2021-22885, but this includes a breaking change you can opt out of. In Rails 5.2 LTS and upward you cannot opt...
There is a possible ReDoS (regular expression denial of service) vulnerability in the activerecord gem that is part of Rails...
Mimicking the official change in Rails 5.1.8 to protect against CVE-2022-32224, all versions of Rails LTS try to use YAML.safe_load to deserialize database columns in ActiveRecord. This...
This is a list of known CVEs relevant for Rails LTS 2.3+. All CVEs are fixed in all versions of Rails LTS (or may not affect some versions). If a...
...with up to date versions of the rails_xss plugin is not affected. CVE-2012-1099 Fixed in 2.3 LTS. CVE-2012-2660 Rails 2.3 is not affected.
June 6th 2025, Rack version 1.4.7.24 Fixed CVE-2025-49007: ReDoS Vulnerability in Rack Multipart Handling. Read the announcement. May 9th 2025, Rack version 1.4.7.23 Backported fixes for 2 CVEs...
...Read the announcement. This includes fixes for Unbounded-Parameter DoS in Rack::QueryParser (CVE-2025-46727) Session Reuse in Rack::Session::Pool (CVE-2025-32441) March 13th, 2025, Rack version...
June 6th 2025, Rack version 1.6.13.22 Fixed CVE-2025-49007: ReDoS Vulnerability in Rack Multipart Handling. Read the announcement. May 9th 2025, Rack version 1.6.13.21 Backported fixes for 2 CVEs...
...Read the announcement. This includes fixes for Unbounded-Parameter DoS in Rack::QueryParser (CVE-2025-46727) Session Reuse in Rack::Session::Pool (CVE-2025-32441) March 13th, 2025, Rack version...
June 6th 2025, Rack version 2.2.17.10 Merged upstream changes from Rack 2.2.17. Fixed CVE-2025-49007: ReDoS Vulnerability in Rack Multipart Handling. Read the announcement. May 9th 2025, Rails version...
...Read the announcement. This includes fixes for Unbounded-Parameter DoS in Rack::QueryParser (CVE-2025-46727) Session Reuse in Rack::Session::Pool (CVE-2025-32441) March 13th 2025, Rails version...
We maintain several forks since [CVE-2023-23913] of rails-ujs and jquery-ujs. Since each Rails app has a different way of handling asset packages, we introduced several new...
...download.patch. This patch applies to Ruby version 1.8.7-p374 and fixes the following issues: CVE-2015-1855: Ruby OpenSSL Hostname Verification CVE-2013-4164: Heap Overflow in Floating Point Parsing...
...download.patch. This patch applies to Ruby version 1.9.3-p551 and fixes the following issues: CVE-2015-1855: Ruby OpenSSL Hostname Verification Installation using RVM First, make sure you have a...
...dfsg-1.3build2.1) UNRELEASED; urgency=medium * SECURITY UPDATE: possible arbitrary file leak (CVE-2022-44268) * Backport upstream https://github.com/ImageMagick/ImageMagick6/commit/3c5188b41902a909e163492fb0c19e49efefcefe -- YOUR NAME <YOUR@EMAIL-ADDRESS> Sun, 05 Feb...
...dfsg-2.1ubuntu11.4.1) UNRELEASED; urgency=medium * SECURITY UPDATE: possible arbitrary file leak (CVE-2022-44268) * Backport upstream https://github.com/ImageMagick/ImageMagick6/commit/3c5188b41902a909e163492fb0c19e49efefcefe -- YOUR NAME <YOUR@EMAIL-ADDRESS> Sun, 05 Feb...
...fails like this: Invalid query parameters: invalid %-encoding (../../../../../../../../../etc/passwd%%0000.html) Someone tries to exploit CVE-2019-5418. If you use the latest Rails (or latest Rails LTS) you're safe...