Rails 5.0.0.beta1.1, 4.2.5.1, 4.1.14.1, 3.2.22.1, and rails-html-sanitizer 1.0.3 发布,有重要安全修复,请尽快更新:
CVE-2015-7576 Timing attack vulnerability in basic authentication in Action Controller.
CVE-2016-0751 Possible Object Leak and Denial of Service attack in Action Pack
CVE-2015-7577 Nested attributes rejection proc bypass in Active Record.
CVE-2016-0752 Possible Information Leak Vulnerability in Action View
CVE-2016-0753 Possible Input Validation Circumvention in Active Model
CVE-2015-7581 Object leak vulnerability for wildcard controller routes in Action Pack
软件详情:https://github.com/rails/rails/compare/v5.0.0.beta1...v5.0.0.beta1.1
下载地址:http://rubyonrails.org/download
来自:开源中国社区
