We got CVEs assigned for the last round of security vulnerabilities.
Here is the summary:
* Filter skipping: CVE-2011-2929
http://groups.google.com/group/rubyonrails-security/browse_thread/thread/3420ac71aed312d6
* SQL injection: CVE-2011-2930
http://groups.google.com/group/rubyonrails-security/browse_thread/thread/6a1e473744bc389b
* Parse error in strip_tags: CVE-2011-2931
http://groups.google.com/group/rubyonrails-security/browse_thread/thread/2b9130749b74ea12
* UTF-8 escaping vulnerability: CVE-2011-2931
http://groups.google.com/group/rubyonrails-security/browse_thread/thread/56bffb5923ab1195
* Response splitting: CVE-2011-3186
http://groups.google.com/group/rubyonrails-security/browse_thread/thread/6ffc93bde0298768
--
Aaron Patterson
http://tenderlovemaking.com/