RailsÍŶӽñÌì·¢²¼ÁËÁ½¸ö°²È«¸üа汾----Rails 3.2.16ºÍ4.0.2£¬ÐÞ¸´ÁËһЩÖØÒªµÄ°²È«Â©¶´¡£ÎªÁËʹÉý¼¶¸üƽ»¬£¬ÏÂÃæµÄÁ´½ÓÖÐÖ»ÌṩÁËÕë¶ÔÏàӦ©¶´µÄ²¹¶¡£¬Äã¿ÉÒÔµ¥¶ÀÏÂÔØÉý¼¶¡£
3.2.16¡¢4.0.2°æ±¾ÖÐÐÞ¸´µÄ°²È«Â©¶´ÈçÏ£º
CVE-2013-6417£º²éѯÉú³ÉÆ÷©¶´£¬Ó°Ïìȫϵ°æ±¾¡£Õâ¸öÎÊÌâ֮ǰÒѾÐÞ¸´ÁË£¨CVE-2013-0155£©£¬µ«Î´ÐÞ¸´ÍêÕû£¬Ò»Ð©µÚÈý·½¿â¿ÉÄÜ»áÈƹý±£»¤¡£
CVE-2013-4491£º·´ÉäÐÍXSS©¶´£¬´æÔÚÓÚRails¹ú¼Ê»¯×é¼þÖУ¬Ó°Ïì3.0.6¼°Ö®ºóµÄ°æ±¾¡£
CVE-2013-6415£ºnumber_to_currencyÖúÊÖÖеÄXSS©¶´£¬Ó°Ïìȫϵ°æ±¾¡£
CVE-2013-6414£ºAction View×é¼þÖеÄDoS©¶´£¬Ó°Ïì3.0.0¼°Ö®ºóµÄ°æ±¾¡£
³ý´ËÖ®Í⣬4.0.2°æ±¾Öл¹ÐÞ¸´ÁËÈçÏ°²È«Â©¶´£º
CVE-2013-6416£ºsimple_formatÖúÊÖÖеÄXSS©¶´£¬Ó°Ïì4.0.0ºÍ4.0.1°æ±¾¡£
½¨ÒéÊÜÓ°ÏìµÄ°æ±¾Óû§¾¡¿ìÉý¼¶£¬¿Éµã»÷ÉÏÃæµÄÁ´½Ó£¬ÔÚ´ò¿ªµÄÒ³ÃæÖÐÏÂÔØÏàÓ¦µÄ²¹¶¡¡£
ÏîÄ¿Ö÷Ò³£ºhttp://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/
ÏÂÔصØÖ·£ºhttp://rubyonrails.org/download
À´×Ô:¿ªÔ´ÖйúÉçÇø
