Several important Rails security vulnerabilities were recently published. They affect the current 3.2 and 4.0 versions of the Rails framework. You can find more information about them in this Rails blog post.
If you are using the Bitnami Ruby Stack, we recommend that you upgrade Rails to one of the new patched versions, 3.2.16 or 4.0.2. We have just released new versions of the installers, virtual machines, and Amazon EC2 or Azure cloud images that ship the updated Rails versions:
- Ruby Stack 1.9.3, with Ruby 1.9.3-p484 and Rails 3.2.16
- Ruby Stack 2.0.0, with Ruby 2.0.0-p353 and Rails 4.0.2
- Ruby Stack 2.0.1preview2, with Ruby 2.0.1preview2 and Rails 4.0.2
We have released updated Redmine, GitLab, Spree, Tracks and Gitorious stacks with the latest Rails version, and will shortly release new versions of Discourse, Publify and Diaspora.
For more details about these security issues, please check the information provided in the official Ruby on Rails blog. If you have already installed a version of these applications, please make sure that you update your environment or apply the appropriate patches.