Red Hat Security Advisory 2016-1857-01 - Ruby on Rails is a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Security Fix: It was discovered that Action View tag helpers did not escape quotes when using strings declared as HTML safe as attribute values. A remote attacker could use this flaw to conduct a cross-site scripting attack. Continue reading...
