[scl.org] sclo-ror42: Ruby on Rails 4.2 security updates in testing

Dominic Cleal dominic at cleal.org
Fri Aug 12 10:37:37 UTC 2016

Security updates for the sclo-ror42 software collection, which provides
Ruby on Rails 4.2, are now available in the CentOS SCLo SIG testing

To apply the updates:
yum upgrade --enablerepo=centos-sclo-sclo-testing --nogpgcheck sclo-ror42\*

These fix:
a) CVE-2016-6316: Possible XSS Vulnerability in Action View
b) CVE-2016-6317: Unsafe Query Generation Risk in Active Record

The packages updated are (both el6/7):

I'll push them to stable in a week or so's time, but would appreciate
any feedback.

Dominic Cleal
dominic at cleal.org
