For the second time in a month, the Ruby on Rails team has released critical security updates for the popular Web application framework. One flaw addressed by the patch could allow SQL injection or denial of service attacks. A second flaw could allow attackers access to databases underlying websites that run Ruby on Rails.
The Rails blog advised, “These releases contain two extremely critical security fixes so please update immediately.”