- CVE-2014-0081 XSS Vulnerability in number_to_currency, number_to_percentage and number_to_human.
- CVE-2014-0080 Data Injection Vulnerability in Active Record.
- CVE-2014-0082 Denial of Service Vulnerability in Action View when using render text.

If you are using Ruby Stack to deploy your application, we strongly suggest upgrading Rails to the latest version. We have released new versions of the Ruby Stack native installers (all platforms), virtual machines, and Amazon EC2 and Azure cloud images for the following platforms:

- Ruby Stack 1.9.3, with Ruby 1.9.3-p484 and Rails 3.2.17
- Ruby Stack 2.0.0, with Ruby 2.0.0-p353 and Rails 4.0.3
- Ruby Stack 2.1.0, with Ruby 2.1.0 and Rails 4.0.3