Security updates for the sclo-ror42 software collection, which provides Ruby on Rails 4.2, are now available in the CentOS SCLo SIG testing repository.

To apply the updates:

  yum upgrade --enablerepo=centos-sclo-sclo-testing --nogpgcheck sclo-ror42\*

These fix:

a) CVE-2016-6316: Possible XSS Vulnerability in Action View
   https://groups.google.com/forum/#!topic/ruby-security-ann/8B2iV2tPRSE

b) CVE-2016-6317: Unsafe Query Generation Risk in Active Record
   https://groups.google.com/forum/#!topic/ruby-security-ann/WccgKSKiPZA

The packages updated are (both el6/7):

  sclo-ror42-rubygem-actionpack-4.2.5.1-2.el7
  sclo-ror42-rubygem-activerecord-4.2.5.1-3.el7
  sclo-ror42-rubygem-actionview-4.2.5.1-3.el7

I'll push them to stable in a week or so's time, but would appreciate any feedback.

-- 
Dominic Cleal
dominic at cleal.org