![Ruby on Rails security updates patch XSS, DoS vulnerabilities [Video]](https://vlog.mondoplayer.com/wp-content/uploads/2025/02/mp_378946_0_21835910581791001738615058shutterstock653223160100963152origjpg.jpg)
The updates also strengthen the protection for a vulnerability patched in January
Credit: Potapov Alexander / Shutterstock
Ruby on Rails users are advised to upgrade to newly released versions of the Web development framework that contain important security fixes, according to the Rails development team.
The 3.2.16 Rails version released Tuesday addresses two cross-site scripting vulnerabilities and a denial-of-service issue and strengthens a previous patch for an unsafe query generation flaw.
The two cross-site scripting vulnerabilities, identified as CVE-2013-4491 and CVE-2013-6415, are located in the internationalization component and the number_to_currency helper, respectively. Both vulnerabilities allow an attacker to execute a cross-site scripting attack by sending specially crafted input to vulnerable applications.
The denial-of-service vulnerability, tracked as CVE-2013-6414, is located in the header handling component of Action View and allows an attacker to force an application to cache strings sent in specially crafted headers. This can cause the cache to grow indefinitely and consume all available memory on the server.
The other …
![From PHP to Perl: Whats hot, whats not in scripting languages [Video]](https://vlog.mondoplayer.com/wp-content/uploads/2024/12/mp_376377_0_21838680559574001733851501shutterstock1898522698jpg.jpg)
![Rails 3.0 beta features merger with Merb framework [Video]](https://vlog.mondoplayer.com/wp-content/uploads/2025/01/mp_378776_0_21789900190219001738349239shutterstock1607588695jpg.jpg)
![Beyond API Documentation with Fern [Video]](https://vlog.mondoplayer.com/wp-content/uploads/2025/01/mp_378636_0_0jpg.jpg)
