Ruby on Rails Updated to Version 3.2.2
The update patches two cross-site scripting vulnerabilities.
Version 3.2.2 of Ruby on Rails was recently released, patching two significant security flaws.
"Users are advised to upgrade their installations as quickly as possible due to the serious nature of the fixed security flaws -- these fixes are unrelated to the recent issues with GitHub and Rails," The H Security reports.
"The two cross-site scripting vulnerabilities that were fixed allow attackers to take advantage of improperly sanitised options tag fields and direct manipulation of a safebuffer to execute arbitrary HTML in the browser of users visiting a Rails site," the article states.
Go to "Ruby on Rails updated to fix security flaws" to read the details.
For regular security news updates, follow eSecurityPlanet on Twitter: @eSecurityP.