Ruby/activerecord/3.0.12
Databases on Rails. Build a persistent domain model by mapping database tables to Ruby classes. Strong conventions for associations, validations, aggregations, migrations, and testing come baked-in.
Repo Link:
https://rubygems.org/gems/activerecord
License:
UNKNOWN
14 Security Vulnerabilities
Published date: 2022-07-12T19:39:47Z
CVE: CVE-2022-32224
When serialized columns that use YAML (the default) are deserialized, Rails uses YAML.unsafe_load to convert the YAML data in to Ruby objects. If an attacker can manipulate data in the database (via means like SQL injection), then it may be possible for the attacker to escalate to an RCE.
There are no feasible workarounds for this issue, but other coders (such as JSON) are not impacted.
Affected versions:
["5.2.4.4", "5.2.4.3", "5.2.4.2", "5.2.4.1", "5.2.4", "5.2.4.rc1", "5.2.3", "5.2.3.rc1", "5.2.2.1", "5.2.2", "5.2.2.rc1", "5.2.1.1", "5.2.1", "5.2.1.rc1", "5.2.0", "5.2.0.rc2", "5.2.0.rc1", "5.2.0.beta2", "5.2.0.beta1", "5.1.7", "5.1.7.rc1", "5.1.6.2", "5.1.6.1", "5.1.6", "5.1.5", "5.1.5.rc1", "5.1.4", "5.1.4.rc1", "5.1.3", "5.1.3.rc3", "5.1.3.rc2", "5.1.3.rc1", "5.1.2", "5.1.2.rc1", "5.1.1", "5.1.0", "5.1.0.rc2", "5.1.0.rc1", "5.1.0.beta1", "5.0.7.2", "5.0.7.1", "5.0.7", "5.0.6", "5.0.6.rc1", "5.0.5", "5.0.5.rc2", "5.0.5.rc1", "5.0.4", "5.0.4.rc1", "5.0.3", "5.0.2", "5.0.2.rc1", "5.0.1", "5.0.1.rc2", "5.0.1.rc1", "5.0.0.1", "5.0.0", "5.0.0.rc2", "5.0.0.rc1", "5.0.0.racecar1", "5.0.0.beta4", "5.0.0.beta3", "5.0.0.beta2", "5.0.0.beta1.1", "5.0.0.beta1", "4.2.11.3", "4.2.11.2", "4.2.11.1", "4.2.11", "4.2.10", "4.2.10.rc1", "4.2.9", "4.2.9.rc2", "4.2.9.rc1", "4.2.8", "4.2.8.rc1", "4.2.7.1", "4.2.7", "4.2.7.rc1", "4.2.6", "4.2.6.rc1", "4.2.5.2", "4.2.5.1", "4.2.5", "4.2.5.rc2", "4.2.5.rc1", "4.2.4", "4.2.4.rc1", "4.2.3", "4.2.3.rc1", "4.2.2", "4.2.1", "4.2.1.rc4", "4.2.1.rc3", "4.2.1.rc2", "4.2.1.rc1", "4.2.0", "4.2.0.rc3", "4.2.0.rc2", "4.2.0.rc1", "4.2.0.beta4", "4.2.0.beta3", "4.2.0.beta2", "4.2.0.beta1", "4.1.16", "4.1.16.rc1", "4.1.15", "4.1.15.rc1", "4.1.14.2", "4.1.14.1", "4.1.14", "4.1.14.rc2", "4.1.14.rc1", "4.1.13", "4.1.13.rc1", "4.1.12", "4.1.12.rc1", "4.1.11", "4.1.10", "4.1.10.rc4", "4.1.10.rc3", "4.1.10.rc2", "4.1.10.rc1", "4.1.9", "4.1.9.rc1", "4.1.8", "4.1.7.1", "4.1.7", "4.1.6", "4.1.6.rc2", "4.1.6.rc1", "4.1.5", "4.1.4", "4.1.3", "4.1.2", "4.1.2.rc3", "4.1.2.rc2", "4.1.2.rc1", "4.1.1", "4.1.0", "4.1.0.rc2", "4.1.0.rc1", "4.1.0.beta2", "4.1.0.beta1", "4.0.13", "4.0.13.rc1", "4.0.12", "4.0.11.1", "4.0.11", "4.0.10", "4.0.10.rc2", "4.0.10.rc1", "4.0.9", "4.0.8", "4.0.7", "4.0.6", "4.0.6.rc3", "4.0.6.rc2", "4.0.6.rc1", "4.0.5", "4.0.4", "4.0.4.rc1", "4.0.3", "4.0.2", "4.0.1", "4.0.1.rc4", "4.0.1.rc3", "4.0.1.rc2", "4.0.1.rc1", "4.0.0", "4.0.0.rc2", "4.0.0.rc1", "4.0.0.beta1", "3.2.22.5", "3.2.22.4", "3.2.22.3", "3.2.22.2", "3.2.22.1", "3.2.22", "3.2.21", "3.2.20", "3.2.19", "3.2.18", "3.2.17", "3.2.16", "3.2.15", "3.2.15.rc3", "3.2.15.rc2", "3.2.15.rc1", "3.2.14", "3.2.14.rc2", "3.2.14.rc1", "3.2.13", "3.2.13.rc2", "3.2.13.rc1", "3.2.12", "3.2.11", "3.2.10", "3.2.9", "3.2.9.rc3", "3.2.9.rc2", "3.2.9.rc1", "3.2.8", "3.2.8.rc2", "3.2.8.rc1", "3.2.7", "3.2.7.rc1", "3.2.6", "3.2.5", "3.2.4", "3.2.4.rc1", "3.2.3", "3.2.3.rc2", "3.2.3.rc1", "3.2.2", "3.2.2.rc1", "3.2.1", "3.2.0", "3.2.0.rc2", "3.2.0.rc1", "3.1.12", "3.1.11", "3.1.10", "3.1.9", "3.1.8", "3.1.7", "3.1.6", "3.1.5", "3.1.5.rc1", "3.1.4", "3.1.4.rc1", "3.1.3", "3.1.2", "3.1.2.rc2", "3.1.2.rc1", "3.1.1", "3.1.1.rc3", "3.1.1.rc2", "3.1.1.rc1", "3.1.0", "3.1.0.rc8", "3.1.0.rc6", "3.1.0.rc5", "3.1.0.rc4", "3.1.0.rc3", "3.1.0.rc2", "3.1.0.rc1", "3.1.0.beta1", "3.0.20", "3.0.19", "3.0.18", "3.0.17", "3.0.16", "3.0.15", "3.0.14", "3.0.13", "3.0.13.rc1", "3.0.12", "3.0.12.rc1", "3.0.11", "3.0.10", "3.0.10.rc1", "3.0.9", "3.0.9.rc5", "3.0.9.rc4", "3.0.9.rc3", "3.0.9.rc1", "3.0.8", "3.0.8.rc4", "3.0.8.rc2", "3.0.8.rc1", "3.0.7", "3.0.7.rc2", "3.0.7.rc1", "3.0.6", "3.0.6.rc2", "3.0.6.rc1", "3.0.5", "3.0.5.rc1", "3.0.4", "3.0.4.rc1", "3.0.3", "3.0.2", "3.0.1", "3.0.0", "3.0.0.rc2", "3.0.0.rc", "3.0.0.beta4", "3.0.0.beta3", "3.0.0.beta2", "3.0.0.beta", "2.3.18", "2.3.17", "2.3.16", "2.3.15", "2.3.14", "2.3.12", "2.3.11", "2.3.10", "2.3.9", "2.3.9.pre", "2.3.8", "2.3.8.pre1", "2.3.7", "2.3.6", "2.3.5", "2.3.4", "2.3.3", "2.3.2", "2.2.3", "2.2.2", "2.1.2", "2.1.1", "2.1.0", "2.0.5", "2.0.4", "2.0.2", "2.0.1", "2.0.0", "1.15.6", "1.15.5", "1.15.4", "1.15.3", "1.15.2", "1.15.1", "1.15.0", "1.14.4", "1.14.3", "1.14.2", "1.14.1", "1.14.0", "1.13.2", "1.13.1", "1.13.0", "1.12.2", "1.12.1", "1.11.1", "1.11.0", "1.10.1", "1.10.0", "1.9.1", "1.9.0", "1.8.0", "1.7.0", "1.6.0", "1.5.1", "1.5.0", "1.4.0", "1.3.0", "1.2.0", "1.1.0", "1.0.0", "5.2.4.5", "5.2.5", "5.2.6", "5.2.4.6", "5.2.6.2", "5.2.6.1", "5.2.6.3", "5.2.7", "5.2.7.1", "5.2.8", "6.0.3.4", "6.0.3.3", "6.0.3.2", "6.0.3.1", "6.0.3", "6.0.3.rc1", "6.0.2.2", "6.0.2.1", "6.0.2", "6.0.2.rc2", "6.0.2.rc1", "6.0.1", "6.0.1.rc1", "6.0.0", "6.0.3.5", "6.0.3.6", "6.0.3.7", "6.0.4", "6.0.4.1", "6.0.4.3", "6.0.4.2", "6.0.4.4", "6.0.4.6", "6.0.4.5", "6.0.4.7", "6.0.4.8", "6.0.5", "6.1.0", "6.1.1", "6.1.2", "6.1.2.1", "6.1.3", "6.1.3.1", "6.1.3.2", "6.1.4", "6.1.4.1", "6.1.4.3", "6.1.4.2", "6.1.4.4", "6.1.4.6", "6.1.4.5", "6.1.4.7", "6.1.5", "6.1.5.1", "6.1.6", "7.0.0", "7.0.1", "7.0.2", "7.0.2.2", "7.0.2.1", "7.0.2.3", "7.0.2.4", "7.0.3"]
Secure versions:
[7.0.4.1, 6.1.7.1, 7.0.4.2, 6.1.7.2, 7.0.4.3, 6.1.7.3, 7.0.5, 7.0.5.1, 6.1.7.4, 7.0.6, 7.0.7, 7.0.7.2, 7.0.7.1, 6.1.7.6, 6.1.7.5, 7.0.8, 7.1.0.beta1, 7.1.0.rc1, 7.1.0.rc2, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.3.2, 7.1.3.1, 7.0.8.1, 6.1.7.7, 7.1.3.3, 7.0.8.2, 7.0.8.3, 7.2.0.beta1, 7.2.0.beta2, 7.1.3.4, 7.0.8.4, 6.1.7.8, 7.2.0.beta3, 7.2.0.rc1, 7.2.0, 7.2.1, 7.1.4, 8.0.0.beta1, 7.2.1.1, 7.1.4.1, 7.0.8.5, 6.1.7.9, 8.0.0.rc1, 7.2.1.2, 7.1.4.2, 7.0.8.6, 6.1.7.10, 8.0.0.rc2, 7.2.2, 7.1.5, 8.0.0]
Recommendation:
Update to version 8.0.0.
Published date: 2023-01-18T18:21:12Z
CVE: CVE-2022-44566
There is a potential denial of service vulnerability present in ActiveRecord’s PostgreSQL adapter.
This has been assigned the CVE identifier CVE-2022-44566.
Versions Affected: All. Not affected: None. Fixed Versions: 5.2.8.15 (Rails LTS, which is a paid service and not part of the rubygem), 6.1.7.1, 7.0.4.1
Impact:
In ActiveRecord <7.0.4.1 and <6.1.7.1, when a value outside the range for a 64bit signed integer is provided to the PostgreSQL connection adapter, it will treat the target column type as numeric. Comparing integer values against numeric values can result in a slow sequential scan resulting in potential Denial of Service.
Releases
The fixed releases are available at the normal locations.
Workarounds
Ensure that user supplied input which is provided to ActiveRecord clauses do not contain integers wider than a signed 64bit representation or floats.
Patches
To aid users who aren’t able to upgrade immediately we have provided patches for the supported release series in accordance with our maintenance policy 1 regarding security issues. They are in git-am format and consist of a single changeset.
6-1-Added-integer-width-check-to-PostgreSQL-Quoting.patch - Patch for 6.1 series
7-0-Added-integer-width-check-to-PostgreSQL-Quoting.patch - Patch for 7.0 series
Affected versions:
["6.1.0.rc1", "6.0.3.4", "6.0.3.3", "6.0.3.2", "6.0.3.1", "6.0.3", "6.0.3.rc1", "6.0.2.2", "6.0.2.1", "6.0.2", "6.0.2.rc2", "6.0.2.rc1", "6.0.1", "6.0.1.rc1", "6.0.0", "6.0.0.rc2", "6.0.0.rc1", "6.0.0.beta3", "6.0.0.beta2", "6.0.0.beta1", "5.2.4.4", "5.2.4.3", "5.2.4.2", "5.2.4.1", "5.2.4", "5.2.4.rc1", "5.2.3", "5.2.3.rc1", "5.2.2.1", "5.2.2", "5.2.2.rc1", "5.2.1.1", "5.2.1", "5.2.1.rc1", "5.2.0", "5.2.0.rc2", "5.2.0.rc1", "5.2.0.beta2", "5.2.0.beta1", "5.1.7", "5.1.7.rc1", "5.1.6.2", "5.1.6.1", "5.1.6", "5.1.5", "5.1.5.rc1", "5.1.4", "5.1.4.rc1", "5.1.3", "5.1.3.rc3", "5.1.3.rc2", "5.1.3.rc1", "5.1.2", "5.1.2.rc1", "5.1.1", "5.1.0", "5.1.0.rc2", "5.1.0.rc1", "5.1.0.beta1", "5.0.7.2", "5.0.7.1", "5.0.7", "5.0.6", "5.0.6.rc1", "5.0.5", "5.0.5.rc2", "5.0.5.rc1", "5.0.4", "5.0.4.rc1", "5.0.3", "5.0.2", "5.0.2.rc1", "5.0.1", "5.0.1.rc2", "5.0.1.rc1", "5.0.0.1", "5.0.0", "5.0.0.rc2", "5.0.0.rc1", "5.0.0.racecar1", "5.0.0.beta4", "5.0.0.beta3", "5.0.0.beta2", "5.0.0.beta1.1", "5.0.0.beta1", "4.2.11.3", "4.2.11.2", "4.2.11.1", "4.2.11", "4.2.10", "4.2.10.rc1", "4.2.9", "4.2.9.rc2", "4.2.9.rc1", "4.2.8", "4.2.8.rc1", "4.2.7.1", "4.2.7", "4.2.7.rc1", "4.2.6", "4.2.6.rc1", "4.2.5.2", "4.2.5.1", "4.2.5", "4.2.5.rc2", "4.2.5.rc1", "4.2.4", "4.2.4.rc1", "4.2.3", "4.2.3.rc1", "4.2.2", "4.2.1", "4.2.1.rc4", "4.2.1.rc3", "4.2.1.rc2", "4.2.1.rc1", "4.2.0", "4.2.0.rc3", "4.2.0.rc2", "4.2.0.rc1", "4.2.0.beta4", "4.2.0.beta3", "4.2.0.beta2", "4.2.0.beta1", "4.1.16", "4.1.16.rc1", "4.1.15", "4.1.15.rc1", "4.1.14.2", "4.1.14.1", "4.1.14", "4.1.14.rc2", "4.1.14.rc1", "4.1.13", "4.1.13.rc1", "4.1.12", "4.1.12.rc1", "4.1.11", "4.1.10", "4.1.10.rc4", "4.1.10.rc3", "4.1.10.rc2", "4.1.10.rc1", "4.1.9", "4.1.9.rc1", "4.1.8", "4.1.7.1", "4.1.7", "4.1.6", "4.1.6.rc2", "4.1.6.rc1", "4.1.5", "4.1.4", "4.1.3", "4.1.2", "4.1.2.rc3", "4.1.2.rc2", "4.1.2.rc1", "4.1.1", "4.1.0", "4.1.0.rc2", "4.1.0.rc1", "4.1.0.beta2", "4.1.0.beta1", "4.0.13", "4.0.13.rc1", "4.0.12", "4.0.11.1", "4.0.11", "4.0.10", "4.0.10.rc2", "4.0.10.rc1", "4.0.9", "4.0.8", "4.0.7", "4.0.6", "4.0.6.rc3", "4.0.6.rc2", "4.0.6.rc1", "4.0.5", "4.0.4", "4.0.4.rc1", "4.0.3", "4.0.2", "4.0.1", "4.0.1.rc4", "4.0.1.rc3", "4.0.1.rc2", "4.0.1.rc1", "4.0.0", "4.0.0.rc2", "4.0.0.rc1", "4.0.0.beta1", "3.2.22.5", "3.2.22.4", "3.2.22.3", "3.2.22.2", "3.2.22.1", "3.2.22", "3.2.21", "3.2.20", "3.2.19", "3.2.18", "3.2.17", "3.2.16", "3.2.15", "3.2.15.rc3", "3.2.15.rc2", "3.2.15.rc1", "3.2.14", "3.2.14.rc2", "3.2.14.rc1", "3.2.13", "3.2.13.rc2", "3.2.13.rc1", "3.2.12", "3.2.11", "3.2.10", "3.2.9", "3.2.9.rc3", "3.2.9.rc2", "3.2.9.rc1", "3.2.8", "3.2.8.rc2", "3.2.8.rc1", "3.2.7", "3.2.7.rc1", "3.2.6", "3.2.5", "3.2.4", "3.2.4.rc1", "3.2.3", "3.2.3.rc2", "3.2.3.rc1", "3.2.2", "3.2.2.rc1", "3.2.1", "3.2.0", "3.2.0.rc2", "3.2.0.rc1", "3.1.12", "3.1.11", "3.1.10", "3.1.9", "3.1.8", "3.1.7", "3.1.6", "3.1.5", "3.1.5.rc1", "3.1.4", "3.1.4.rc1", "3.1.3", "3.1.2", "3.1.2.rc2", "3.1.2.rc1", "3.1.1", "3.1.1.rc3", "3.1.1.rc2", "3.1.1.rc1", "3.1.0", "3.1.0.rc8", "3.1.0.rc6", "3.1.0.rc5", "3.1.0.rc4", "3.1.0.rc3", "3.1.0.rc2", "3.1.0.rc1", "3.1.0.beta1", "3.0.20", "3.0.19", "3.0.18", "3.0.17", "3.0.16", "3.0.15", "3.0.14", "3.0.13", "3.0.13.rc1", "3.0.12", "3.0.12.rc1", "3.0.11", "3.0.10", "3.0.10.rc1", "3.0.9", "3.0.9.rc5", "3.0.9.rc4", "3.0.9.rc3", "3.0.9.rc1", "3.0.8", "3.0.8.rc4", "3.0.8.rc2", "3.0.8.rc1", "3.0.7", "3.0.7.rc2", "3.0.7.rc1", "3.0.6", "3.0.6.rc2", "3.0.6.rc1", "3.0.5", "3.0.5.rc1", "3.0.4", "3.0.4.rc1", "3.0.3", "3.0.2", "3.0.1", "3.0.0", "3.0.0.rc2", "3.0.0.rc", "3.0.0.beta4", "3.0.0.beta3", "3.0.0.beta2", "3.0.0.beta", "2.3.18", "2.3.17", "2.3.16", "2.3.15", "2.3.14", "2.3.12", "2.3.11", "2.3.10", "2.3.9", "2.3.9.pre", "2.3.8", "2.3.8.pre1", "2.3.7", "2.3.6", "2.3.5", "2.3.4", "2.3.3", "2.3.2", "2.2.3", "2.2.2", "2.1.2", "2.1.1", "2.1.0", "2.0.5", "2.0.4", "2.0.2", "2.0.1", "2.0.0", "1.15.6", "1.15.5", "1.15.4", "1.15.3", "1.15.2", "1.15.1", "1.15.0", "1.14.4", "1.14.3", "1.14.2", "1.14.1", "1.14.0", "1.13.2", "1.13.1", "1.13.0", "1.12.2", "1.12.1", "1.11.1", "1.11.0", "1.10.1", "1.10.0", "1.9.1", "1.9.0", "1.8.0", "1.7.0", "1.6.0", "1.5.1", "1.5.0", "1.4.0", "1.3.0", "1.2.0", "1.1.0", "1.0.0", "6.1.0.rc2", "6.1.0", "6.1.1", "6.1.2", "6.1.2.1", "6.0.3.5", "5.2.4.5", "6.1.3", "6.1.3.1", "6.0.3.6", "5.2.5", "6.1.3.2", "6.0.3.7", "5.2.6", "5.2.4.6", "6.0.4", "6.1.4", "6.1.4.1", "6.0.4.1", "6.1.4.3", "6.1.4.2", "6.0.4.3", "6.0.4.2", "6.1.4.4", "6.0.4.4", "6.1.4.6", "6.1.4.5", "6.0.4.6", "6.0.4.5", "5.2.6.2", "5.2.6.1", "6.1.4.7", "6.0.4.7", "5.2.6.3", "6.1.5", "5.2.7", "6.1.5.1", "6.0.4.8", "5.2.7.1", "6.1.6", "6.0.5", "5.2.8", "6.1.6.1", "6.0.5.1", "5.2.8.1", "6.1.7", "6.0.6", "6.0.6.1", "7.0.0", "7.0.1", "7.0.2", "7.0.2.2", "7.0.2.1", "7.0.2.3", "7.0.2.4", "7.0.3", "7.0.3.1", "7.0.4"]
Secure versions:
[7.0.4.1, 6.1.7.1, 7.0.4.2, 6.1.7.2, 7.0.4.3, 6.1.7.3, 7.0.5, 7.0.5.1, 6.1.7.4, 7.0.6, 7.0.7, 7.0.7.2, 7.0.7.1, 6.1.7.6, 6.1.7.5, 7.0.8, 7.1.0.beta1, 7.1.0.rc1, 7.1.0.rc2, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.3.2, 7.1.3.1, 7.0.8.1, 6.1.7.7, 7.1.3.3, 7.0.8.2, 7.0.8.3, 7.2.0.beta1, 7.2.0.beta2, 7.1.3.4, 7.0.8.4, 6.1.7.8, 7.2.0.beta3, 7.2.0.rc1, 7.2.0, 7.2.1, 7.1.4, 8.0.0.beta1, 7.2.1.1, 7.1.4.1, 7.0.8.5, 6.1.7.9, 8.0.0.rc1, 7.2.1.2, 7.1.4.2, 7.0.8.6, 6.1.7.10, 8.0.0.rc2, 7.2.2, 7.1.5, 8.0.0]
Recommendation:
Update to version 8.0.0.
Published date: 2017-10-24T18:33:38Z
CVE: CVE-2012-2695
The Active Record component in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via nested query parameters that leverage improper handling of nested hashes, a related issue to CVE-2012-2661.
Affected versions:
["3.2.5", "3.2.4", "3.2.4.rc1", "3.2.3", "3.2.3.rc2", "3.2.3.rc1", "3.2.2", "3.2.2.rc1", "3.2.1", "3.2.0", "3.1.5", "3.1.5.rc1", "3.1.4", "3.1.4.rc1", "3.1.3", "3.1.2", "3.1.2.rc2", "3.1.2.rc1", "3.1.1", "3.1.1.rc3", "3.1.1.rc2", "3.1.1.rc1", "3.1.0", "3.0.13", "3.0.13.rc1", "3.0.12", "3.0.12.rc1", "3.0.11", "3.0.10", "3.0.10.rc1", "3.0.9", "3.0.9.rc5", "3.0.9.rc4", "3.0.9.rc3", "3.0.9.rc1", "3.0.8", "3.0.8.rc4", "3.0.8.rc2", "3.0.8.rc1", "3.0.7", "3.0.7.rc2", "3.0.7.rc1", "3.0.6", "3.0.6.rc2", "3.0.6.rc1", "3.0.5", "3.0.5.rc1", "3.0.4", "3.0.4.rc1", "3.0.3", "3.0.2", "3.0.1", "3.0.0", "3.0.0.rc2", "3.0.0.rc", "3.0.0.beta4", "3.0.0.beta3", "3.0.0.beta2", "3.0.0.beta", "2.3.18", "2.3.17", "2.3.16", "2.3.15", "2.3.14", "2.3.12", "2.3.11", "2.3.10", "2.3.9", "2.3.9.pre", "2.3.8", "2.3.8.pre1", "2.3.7", "2.3.6", "2.3.5", "2.3.4", "2.3.3", "2.3.2", "2.2.3", "2.2.2", "2.1.2", "2.1.1", "2.1.0", "2.0.5", "2.0.4", "2.0.2", "2.0.1", "2.0.0", "1.15.6", "1.15.5", "1.15.4", "1.15.3", "1.15.2", "1.15.1", "1.15.0", "1.14.4", "1.14.3", "1.14.2", "1.14.1", "1.14.0", "1.13.2", "1.13.1", "1.13.0", "1.12.2", "1.12.1", "1.11.1", "1.11.0", "1.10.1", "1.10.0", "1.9.1", "1.9.0", "1.8.0", "1.7.0", "1.6.0", "1.5.1", "1.5.0", "1.4.0", "1.3.0", "1.2.0", "1.1.0", "1.0.0"]
Secure versions:
[7.0.4.1, 6.1.7.1, 7.0.4.2, 6.1.7.2, 7.0.4.3, 6.1.7.3, 7.0.5, 7.0.5.1, 6.1.7.4, 7.0.6, 7.0.7, 7.0.7.2, 7.0.7.1, 6.1.7.6, 6.1.7.5, 7.0.8, 7.1.0.beta1, 7.1.0.rc1, 7.1.0.rc2, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.3.2, 7.1.3.1, 7.0.8.1, 6.1.7.7, 7.1.3.3, 7.0.8.2, 7.0.8.3, 7.2.0.beta1, 7.2.0.beta2, 7.1.3.4, 7.0.8.4, 6.1.7.8, 7.2.0.beta3, 7.2.0.rc1, 7.2.0, 7.2.1, 7.1.4, 8.0.0.beta1, 7.2.1.1, 7.1.4.1, 7.0.8.5, 6.1.7.9, 8.0.0.rc1, 7.2.1.2, 7.1.4.2, 7.0.8.6, 6.1.7.10, 8.0.0.rc2, 7.2.2, 7.1.5, 8.0.0]
Recommendation:
Update to version 8.0.0.
Published date: 2018-09-17T21:58:09Z
CVE: CVE-2015-7577
Withdrawn, accidental duplicate publish.
activerecord/lib/activerecord/nested attributes.rb in Active Record in Ruby on Rails 3.1.x and 3.2.x before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly implement a certain destroy option, which allows remote attackers to bypass intended change restrictions by leveraging use of the nested attributes feature.
Affected versions:
["3.2.22", "3.2.21", "3.2.20", "3.2.19", "3.2.18", "3.2.17", "3.2.16", "3.2.15", "3.2.15.rc3", "3.2.15.rc2", "3.2.15.rc1", "3.2.14", "3.2.14.rc2", "3.2.14.rc1", "3.2.13", "3.2.13.rc2", "3.2.13.rc1", "3.2.12", "3.2.11", "3.2.10", "3.2.9", "3.2.9.rc3", "3.2.9.rc2", "3.2.9.rc1", "3.2.8", "3.2.8.rc2", "3.2.8.rc1", "3.2.7", "3.2.7.rc1", "3.2.6", "3.2.5", "3.2.4", "3.2.4.rc1", "3.2.3", "3.2.3.rc2", "3.2.3.rc1", "3.2.2", "3.2.2.rc1", "3.2.1", "3.2.0", "3.2.0.rc2", "3.2.0.rc1", "3.1.12", "3.1.11", "3.1.10", "3.1.9", "3.1.8", "3.1.7", "3.1.6", "3.1.5", "3.1.5.rc1", "3.1.4", "3.1.4.rc1", "3.1.3", "3.1.2", "3.1.2.rc2", "3.1.2.rc1", "3.1.1", "3.1.1.rc3", "3.1.1.rc2", "3.1.1.rc1", "3.1.0", "3.1.0.rc8", "3.1.0.rc6", "3.1.0.rc5", "3.1.0.rc4", "3.1.0.rc3", "3.1.0.rc2", "3.1.0.rc1", "3.1.0.beta1", "3.0.20", "3.0.19", "3.0.18", "3.0.17", "3.0.16", "3.0.15", "3.0.14", "3.0.13", "3.0.13.rc1", "3.0.12", "3.0.12.rc1", "3.0.11", "3.0.10", "3.0.10.rc1", "3.0.9", "3.0.9.rc5", "3.0.9.rc4", "3.0.9.rc3", "3.0.9.rc1", "3.0.8", "3.0.8.rc4", "3.0.8.rc2", "3.0.8.rc1", "3.0.7", "3.0.7.rc2", "3.0.7.rc1", "3.0.6", "3.0.6.rc2", "3.0.6.rc1", "3.0.5", "3.0.5.rc1", "3.0.4", "3.0.4.rc1", "3.0.3", "3.0.2", "3.0.1", "3.0.0", "4.2.5", "4.2.5.rc2", "4.2.5.rc1", "4.2.4", "4.2.4.rc1", "4.2.3", "4.2.3.rc1", "4.2.2", "4.2.1", "4.2.1.rc4", "4.2.1.rc3", "4.2.1.rc2", "4.2.1.rc1", "4.2.0", "4.1.14", "4.1.14.rc2", "4.1.14.rc1", "4.1.13", "4.1.13.rc1", "4.1.12", "4.1.12.rc1", "4.1.11", "4.1.10", "4.1.10.rc4", "4.1.10.rc3", "4.1.10.rc2", "4.1.10.rc1", "4.1.9", "4.1.9.rc1", "4.1.8", "4.1.7.1", "4.1.7", "4.1.6", "4.1.6.rc2", "4.1.6.rc1", "4.1.5", "4.1.4", "4.1.3", "4.1.2", "4.1.2.rc3", "4.1.2.rc2", "4.1.2.rc1", "4.1.1", "4.1.0", "4.1.0.rc2", "4.1.0.rc1", "4.1.0.beta2", "4.1.0.beta1", "4.0.13", "4.0.13.rc1", "4.0.12", "4.0.11.1", "4.0.11", "4.0.10", "4.0.10.rc2", "4.0.10.rc1", "4.0.9", "4.0.8", "4.0.7", "4.0.6", "4.0.6.rc3", "4.0.6.rc2", "4.0.6.rc1", "4.0.5", "4.0.4", "4.0.4.rc1", "4.0.3", "4.0.2", "4.0.1", "4.0.1.rc4", "4.0.1.rc3", "4.0.1.rc2", "4.0.1.rc1", "4.0.0"]
Secure versions:
[7.0.4.1, 6.1.7.1, 7.0.4.2, 6.1.7.2, 7.0.4.3, 6.1.7.3, 7.0.5, 7.0.5.1, 6.1.7.4, 7.0.6, 7.0.7, 7.0.7.2, 7.0.7.1, 6.1.7.6, 6.1.7.5, 7.0.8, 7.1.0.beta1, 7.1.0.rc1, 7.1.0.rc2, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.3.2, 7.1.3.1, 7.0.8.1, 6.1.7.7, 7.1.3.3, 7.0.8.2, 7.0.8.3, 7.2.0.beta1, 7.2.0.beta2, 7.1.3.4, 7.0.8.4, 6.1.7.8, 7.2.0.beta3, 7.2.0.rc1, 7.2.0, 7.2.1, 7.1.4, 8.0.0.beta1, 7.2.1.1, 7.1.4.1, 7.0.8.5, 6.1.7.9, 8.0.0.rc1, 7.2.1.2, 7.1.4.2, 7.0.8.6, 6.1.7.10, 8.0.0.rc2, 7.2.2, 7.1.5, 8.0.0]
Recommendation:
Update to version 8.0.0.
Published date: 2017-10-24T18:33:38Z
CVE: CVE-2012-2661
The Active Record component in Ruby on Rails 3.0.x before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via nested query parameters that leverage unintended recursion, a related issue to CVE-2012-2695.
Affected versions:
["3.2.4.rc1", "3.2.3", "3.2.3.rc2", "3.2.3.rc1", "3.2.2", "3.2.2.rc1", "3.2.1", "3.2.0", "3.1.5.rc1", "3.1.4", "3.1.4.rc1", "3.1.3", "3.1.2", "3.1.2.rc2", "3.1.2.rc1", "3.1.1", "3.1.1.rc3", "3.1.1.rc2", "3.1.1.rc1", "3.1.0", "3.0.13.rc1", "3.0.12", "3.0.12.rc1", "3.0.11", "3.0.10", "3.0.10.rc1", "3.0.9", "3.0.9.rc5", "3.0.9.rc4", "3.0.9.rc3", "3.0.9.rc1", "3.0.8", "3.0.8.rc4", "3.0.8.rc2", "3.0.8.rc1", "3.0.7", "3.0.7.rc2", "3.0.7.rc1", "3.0.6", "3.0.6.rc2", "3.0.6.rc1", "3.0.5", "3.0.5.rc1", "3.0.4", "3.0.4.rc1", "3.0.3", "3.0.2", "3.0.1", "3.0.0"]
Secure versions:
[7.0.4.1, 6.1.7.1, 7.0.4.2, 6.1.7.2, 7.0.4.3, 6.1.7.3, 7.0.5, 7.0.5.1, 6.1.7.4, 7.0.6, 7.0.7, 7.0.7.2, 7.0.7.1, 6.1.7.6, 6.1.7.5, 7.0.8, 7.1.0.beta1, 7.1.0.rc1, 7.1.0.rc2, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.3.2, 7.1.3.1, 7.0.8.1, 6.1.7.7, 7.1.3.3, 7.0.8.2, 7.0.8.3, 7.2.0.beta1, 7.2.0.beta2, 7.1.3.4, 7.0.8.4, 6.1.7.8, 7.2.0.beta3, 7.2.0.rc1, 7.2.0, 7.2.1, 7.1.4, 8.0.0.beta1, 7.2.1.1, 7.1.4.1, 7.0.8.5, 6.1.7.9, 8.0.0.rc1, 7.2.1.2, 7.1.4.2, 7.0.8.6, 6.1.7.10, 8.0.0.rc2, 7.2.2, 7.1.5, 8.0.0]
Recommendation:
Update to version 8.0.0.
Published date: 2017-10-24T18:33:37Z
CVE: CVE-2013-0277
ActiveRecord in Ruby on Rails before 2.3.17 and 3.x before 3.1.0 allows remote attackers to cause a denial of service or execute arbitrary code via crafted serialized attributes that cause the +serialize+ helper to deserialize arbitrary YAML.
Affected versions:
["3.1.0.rc8", "3.1.0.rc6", "3.1.0.rc5", "3.1.0.rc4", "3.1.0.rc3", "3.1.0.rc2", "3.1.0.rc1", "3.1.0.beta1", "3.0.20", "3.0.19", "3.0.18", "3.0.17", "3.0.16", "3.0.15", "3.0.14", "3.0.13", "3.0.13.rc1", "3.0.12", "3.0.12.rc1", "3.0.11", "3.0.10", "3.0.10.rc1", "3.0.9", "3.0.9.rc5", "3.0.9.rc4", "3.0.9.rc3", "3.0.9.rc1", "3.0.8", "3.0.8.rc4", "3.0.8.rc2", "3.0.8.rc1", "3.0.7", "3.0.7.rc2", "3.0.7.rc1", "3.0.6", "3.0.6.rc2", "3.0.6.rc1", "3.0.5", "3.0.5.rc1", "3.0.4", "3.0.4.rc1", "3.0.3", "3.0.2", "3.0.1", "3.0.0", "2.3.16", "2.3.15", "2.3.14", "2.3.12", "2.3.11", "2.3.10", "2.3.9", "2.3.9.pre", "2.3.8", "2.3.8.pre1", "2.3.7", "2.3.6", "2.3.5", "2.3.4", "2.3.3", "2.3.2", "2.2.3", "2.2.2", "2.1.2", "2.1.1", "2.1.0", "2.0.5", "2.0.4", "2.0.2", "2.0.1", "2.0.0", "1.15.6", "1.15.5", "1.15.4", "1.15.3", "1.15.2", "1.15.1", "1.15.0", "1.14.4", "1.14.3", "1.14.2", "1.14.1", "1.14.0", "1.13.2", "1.13.1", "1.13.0", "1.12.2", "1.12.1", "1.11.1", "1.11.0", "1.10.1", "1.10.0", "1.9.1", "1.9.0", "1.8.0", "1.7.0", "1.6.0", "1.5.1", "1.5.0", "1.4.0", "1.3.0", "1.2.0", "1.1.0", "1.0.0"]
Secure versions:
[7.0.4.1, 6.1.7.1, 7.0.4.2, 6.1.7.2, 7.0.4.3, 6.1.7.3, 7.0.5, 7.0.5.1, 6.1.7.4, 7.0.6, 7.0.7, 7.0.7.2, 7.0.7.1, 6.1.7.6, 6.1.7.5, 7.0.8, 7.1.0.beta1, 7.1.0.rc1, 7.1.0.rc2, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.3.2, 7.1.3.1, 7.0.8.1, 6.1.7.7, 7.1.3.3, 7.0.8.2, 7.0.8.3, 7.2.0.beta1, 7.2.0.beta2, 7.1.3.4, 7.0.8.4, 6.1.7.8, 7.2.0.beta3, 7.2.0.rc1, 7.2.0, 7.2.1, 7.1.4, 8.0.0.beta1, 7.2.1.1, 7.1.4.1, 7.0.8.5, 6.1.7.9, 8.0.0.rc1, 7.2.1.2, 7.1.4.2, 7.0.8.6, 6.1.7.10, 8.0.0.rc2, 7.2.2, 7.1.5, 8.0.0]
Recommendation:
Update to version 8.0.0.
Published date: 2017-10-24T18:33:37Z
CVE: CVE-2012-6496
SQL injection vulnerability in the Active Record component in Ruby on Rails before 3.0.18, 3.1.x before 3.1.9, and 3.2.x before 3.2.10 allows remote attackers to execute arbitrary SQL commands via a crafted request that leverages incorrect behavior of dynamic finders in applications that can use unexpected data types in certain findby method calls.
Affected versions:
["3.2.9", "3.2.9.rc3", "3.2.9.rc2", "3.2.9.rc1", "3.2.8", "3.2.8.rc2", "3.2.8.rc1", "3.2.7", "3.2.7.rc1", "3.2.6", "3.2.5", "3.2.4", "3.2.4.rc1", "3.2.3", "3.2.3.rc2", "3.2.3.rc1", "3.2.2", "3.2.2.rc1", "3.2.1", "3.2.0", "3.1.8", "3.1.7", "3.1.6", "3.1.5", "3.1.5.rc1", "3.1.4", "3.1.4.rc1", "3.1.3", "3.1.2", "3.1.2.rc2", "3.1.2.rc1", "3.1.1", "3.1.1.rc3", "3.1.1.rc2", "3.1.1.rc1", "3.1.0", "3.0.17", "3.0.16", "3.0.15", "3.0.14", "3.0.13", "3.0.13.rc1", "3.0.12", "3.0.12.rc1", "3.0.11", "3.0.10", "3.0.10.rc1", "3.0.9", "3.0.9.rc5", "3.0.9.rc4", "3.0.9.rc3", "3.0.9.rc1", "3.0.8", "3.0.8.rc4", "3.0.8.rc2", "3.0.8.rc1", "3.0.7", "3.0.7.rc2", "3.0.7.rc1", "3.0.6", "3.0.6.rc2", "3.0.6.rc1", "3.0.5", "3.0.5.rc1", "3.0.4", "3.0.4.rc1", "3.0.3", "3.0.2", "3.0.1", "3.0.0", "3.0.0.rc2", "3.0.0.rc", "3.0.0.beta4", "3.0.0.beta3", "3.0.0.beta2", "3.0.0.beta", "2.3.18", "2.3.17", "2.3.16", "2.3.15", "2.3.14", "2.3.12", "2.3.11", "2.3.10", "2.3.9", "2.3.9.pre", "2.3.8", "2.3.8.pre1", "2.3.7", "2.3.6", "2.3.5", "2.3.4", "2.3.3", "2.3.2", "2.2.3", "2.2.2", "2.1.2", "2.1.1", "2.1.0", "2.0.5", "2.0.4", "2.0.2", "2.0.1", "2.0.0", "1.15.6", "1.15.5", "1.15.4", "1.15.3", "1.15.2", "1.15.1", "1.15.0", "1.14.4", "1.14.3", "1.14.2", "1.14.1", "1.14.0", "1.13.2", "1.13.1", "1.13.0", "1.12.2", "1.12.1", "1.11.1", "1.11.0", "1.10.1", "1.10.0", "1.9.1", "1.9.0", "1.8.0", "1.7.0", "1.6.0", "1.5.1", "1.5.0", "1.4.0", "1.3.0", "1.2.0", "1.1.0", "1.0.0"]
Secure versions:
[7.0.4.1, 6.1.7.1, 7.0.4.2, 6.1.7.2, 7.0.4.3, 6.1.7.3, 7.0.5, 7.0.5.1, 6.1.7.4, 7.0.6, 7.0.7, 7.0.7.2, 7.0.7.1, 6.1.7.6, 6.1.7.5, 7.0.8, 7.1.0.beta1, 7.1.0.rc1, 7.1.0.rc2, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.3.2, 7.1.3.1, 7.0.8.1, 6.1.7.7, 7.1.3.3, 7.0.8.2, 7.0.8.3, 7.2.0.beta1, 7.2.0.beta2, 7.1.3.4, 7.0.8.4, 6.1.7.8, 7.2.0.beta3, 7.2.0.rc1, 7.2.0, 7.2.1, 7.1.4, 8.0.0.beta1, 7.2.1.1, 7.1.4.1, 7.0.8.5, 6.1.7.9, 8.0.0.rc1, 7.2.1.2, 7.1.4.2, 7.0.8.6, 6.1.7.10, 8.0.0.rc2, 7.2.2, 7.1.5, 8.0.0]
Recommendation:
Update to version 8.0.0.
Published date: 2017-10-24T18:33:37Z
CVE: CVE-2013-0155
Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain [nil] values, a related issue to CVE-2012-2660 and CVE-2012-2694.
Affected versions:
["3.2.10", "3.2.9", "3.2.9.rc3", "3.2.9.rc2", "3.2.9.rc1", "3.2.8", "3.2.8.rc2", "3.2.8.rc1", "3.2.7", "3.2.7.rc1", "3.2.6", "3.2.5", "3.2.4", "3.2.4.rc1", "3.2.3", "3.2.3.rc2", "3.2.3.rc1", "3.2.2", "3.2.2.rc1", "3.2.1", "3.2.0", "3.1.9", "3.1.8", "3.1.7", "3.1.6", "3.1.5", "3.1.5.rc1", "3.1.4", "3.1.4.rc1", "3.1.3", "3.1.2", "3.1.2.rc2", "3.1.2.rc1", "3.1.1", "3.1.1.rc3", "3.1.1.rc2", "3.1.1.rc1", "3.1.0", "3.0.18", "3.0.17", "3.0.16", "3.0.15", "3.0.14", "3.0.13", "3.0.13.rc1", "3.0.12", "3.0.12.rc1", "3.0.11", "3.0.10", "3.0.10.rc1", "3.0.9", "3.0.9.rc5", "3.0.9.rc4", "3.0.9.rc3", "3.0.9.rc1", "3.0.8", "3.0.8.rc4", "3.0.8.rc2", "3.0.8.rc1", "3.0.7", "3.0.7.rc2", "3.0.7.rc1", "3.0.6", "3.0.6.rc2", "3.0.6.rc1", "3.0.5", "3.0.5.rc1", "3.0.4", "3.0.4.rc1", "3.0.3", "3.0.2", "3.0.1", "3.0.0"]
Secure versions:
[7.0.4.1, 6.1.7.1, 7.0.4.2, 6.1.7.2, 7.0.4.3, 6.1.7.3, 7.0.5, 7.0.5.1, 6.1.7.4, 7.0.6, 7.0.7, 7.0.7.2, 7.0.7.1, 6.1.7.6, 6.1.7.5, 7.0.8, 7.1.0.beta1, 7.1.0.rc1, 7.1.0.rc2, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.3.2, 7.1.3.1, 7.0.8.1, 6.1.7.7, 7.1.3.3, 7.0.8.2, 7.0.8.3, 7.2.0.beta1, 7.2.0.beta2, 7.1.3.4, 7.0.8.4, 6.1.7.8, 7.2.0.beta3, 7.2.0.rc1, 7.2.0, 7.2.1, 7.1.4, 8.0.0.beta1, 7.2.1.1, 7.1.4.1, 7.0.8.5, 6.1.7.9, 8.0.0.rc1, 7.2.1.2, 7.1.4.2, 7.0.8.6, 6.1.7.10, 8.0.0.rc2, 7.2.2, 7.1.5, 8.0.0]
Recommendation:
Update to version 8.0.0.
Published date: 2017-10-24T18:33:36Z
CVE: CVE-2014-3482
SQL injection vulnerability in activerecord/lib/activerecord/connection adapters/postgresql_adapter.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 2.x and 3.x before 3.2.19 allows remote attackers to execute arbitrary SQL commands by leveraging improper bitstring quoting.
Affected versions:
["3.2.18", "3.2.17", "3.2.16", "3.2.15", "3.2.15.rc3", "3.2.15.rc2", "3.2.15.rc1", "3.2.14", "3.2.14.rc2", "3.2.14.rc1", "3.2.13", "3.2.13.rc2", "3.2.13.rc1", "3.2.12", "3.2.11", "3.2.10", "3.2.9", "3.2.9.rc3", "3.2.9.rc2", "3.2.9.rc1", "3.2.8", "3.2.8.rc2", "3.2.8.rc1", "3.2.7", "3.2.7.rc1", "3.2.6", "3.2.5", "3.2.4", "3.2.4.rc1", "3.2.3", "3.2.3.rc2", "3.2.3.rc1", "3.2.2", "3.2.2.rc1", "3.2.1", "3.2.0", "3.2.0.rc2", "3.2.0.rc1", "3.1.12", "3.1.11", "3.1.10", "3.1.9", "3.1.8", "3.1.7", "3.1.6", "3.1.5", "3.1.5.rc1", "3.1.4", "3.1.4.rc1", "3.1.3", "3.1.2", "3.1.2.rc2", "3.1.2.rc1", "3.1.1", "3.1.1.rc3", "3.1.1.rc2", "3.1.1.rc1", "3.1.0", "3.1.0.rc8", "3.1.0.rc6", "3.1.0.rc5", "3.1.0.rc4", "3.1.0.rc3", "3.1.0.rc2", "3.1.0.rc1", "3.1.0.beta1", "3.0.20", "3.0.19", "3.0.18", "3.0.17", "3.0.16", "3.0.15", "3.0.14", "3.0.13", "3.0.13.rc1", "3.0.12", "3.0.12.rc1", "3.0.11", "3.0.10", "3.0.10.rc1", "3.0.9", "3.0.9.rc5", "3.0.9.rc4", "3.0.9.rc3", "3.0.9.rc1", "3.0.8", "3.0.8.rc4", "3.0.8.rc2", "3.0.8.rc1", "3.0.7", "3.0.7.rc2", "3.0.7.rc1", "3.0.6", "3.0.6.rc2", "3.0.6.rc1", "3.0.5", "3.0.5.rc1", "3.0.4", "3.0.4.rc1", "3.0.3", "3.0.2", "3.0.1", "3.0.0", "3.0.0.rc2", "3.0.0.rc", "3.0.0.beta4", "3.0.0.beta3", "3.0.0.beta2", "3.0.0.beta", "2.3.18", "2.3.17", "2.3.16", "2.3.15", "2.3.14", "2.3.12", "2.3.11", "2.3.10", "2.3.9", "2.3.9.pre", "2.3.8", "2.3.8.pre1", "2.3.7", "2.3.6", "2.3.5", "2.3.4", "2.3.3", "2.3.2", "2.2.3", "2.2.2", "2.1.2", "2.1.1", "2.1.0", "2.0.5", "2.0.4", "2.0.2", "2.0.1", "2.0.0"]
Secure versions:
[7.0.4.1, 6.1.7.1, 7.0.4.2, 6.1.7.2, 7.0.4.3, 6.1.7.3, 7.0.5, 7.0.5.1, 6.1.7.4, 7.0.6, 7.0.7, 7.0.7.2, 7.0.7.1, 6.1.7.6, 6.1.7.5, 7.0.8, 7.1.0.beta1, 7.1.0.rc1, 7.1.0.rc2, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.3.2, 7.1.3.1, 7.0.8.1, 6.1.7.7, 7.1.3.3, 7.0.8.2, 7.0.8.3, 7.2.0.beta1, 7.2.0.beta2, 7.1.3.4, 7.0.8.4, 6.1.7.8, 7.2.0.beta3, 7.2.0.rc1, 7.2.0, 7.2.1, 7.1.4, 8.0.0.beta1, 7.2.1.1, 7.1.4.1, 7.0.8.5, 6.1.7.9, 8.0.0.rc1, 7.2.1.2, 7.1.4.2, 7.0.8.6, 6.1.7.10, 8.0.0.rc2, 7.2.2, 7.1.5, 8.0.0]
Recommendation:
Update to version 8.0.0.
Published date: 2013-02-11
Framework: rails
CVE: 2013-0276
CVSS V2: 5.0
ActiveRecord in Ruby on Rails before 2.3.17, 3.1.x before 3.1.11, and
3.2.x before 3.2.12 allows remote attackers to bypass the attr_protected protection
mechanism and modify protected model attributes via a crafted request.
Affected versions:
["3.2.11", "3.2.10", "3.2.9", "3.2.9.rc3", "3.2.9.rc2", "3.2.9.rc1", "3.2.8", "3.2.8.rc2", "3.2.8.rc1", "3.2.7", "3.2.7.rc1", "3.2.6", "3.2.5", "3.2.4", "3.2.4.rc1", "3.2.3", "3.2.3.rc2", "3.2.3.rc1", "3.2.2", "3.2.2.rc1", "3.2.1", "3.2.0", "3.2.0.rc2", "3.2.0.rc1", "3.0.20", "3.0.19", "3.0.18", "3.0.17", "3.0.16", "3.0.15", "3.0.14", "3.0.13", "3.0.13.rc1", "3.0.12", "3.0.12.rc1", "3.0.11", "3.0.10", "3.0.10.rc1", "3.0.9", "3.0.9.rc5", "3.0.9.rc4", "3.0.9.rc3", "3.0.9.rc1", "3.0.8", "3.0.8.rc4", "3.0.8.rc2", "3.0.8.rc1", "3.0.7", "3.0.7.rc2", "3.0.7.rc1", "3.0.6", "3.0.6.rc2", "3.0.6.rc1", "3.0.5", "3.0.5.rc1", "3.0.4", "3.0.4.rc1", "3.0.3", "3.0.2", "3.0.1", "3.0.0", "3.0.0.rc2", "3.0.0.rc", "3.0.0.beta4", "3.0.0.beta3", "3.0.0.beta2", "3.0.0.beta", "2.2.3", "2.2.2", "2.1.2", "2.1.1", "2.1.0", "2.0.5", "2.0.4", "2.0.2", "2.0.1", "2.0.0", "1.15.6", "1.15.5", "1.15.4", "1.15.3", "1.15.2", "1.15.1", "1.15.0", "1.14.4", "1.14.3", "1.14.2", "1.14.1", "1.14.0", "1.13.2", "1.13.1", "1.13.0", "1.12.2", "1.12.1", "1.11.1", "1.11.0", "1.10.1", "1.10.0", "1.9.1", "1.9.0", "1.8.0", "1.7.0", "1.6.0", "1.5.1", "1.5.0", "1.4.0", "1.3.0", "1.2.0", "1.1.0", "1.0.0"]
Secure versions:
[7.0.4.1, 6.1.7.1, 7.0.4.2, 6.1.7.2, 7.0.4.3, 6.1.7.3, 7.0.5, 7.0.5.1, 6.1.7.4, 7.0.6, 7.0.7, 7.0.7.2, 7.0.7.1, 6.1.7.6, 6.1.7.5, 7.0.8, 7.1.0.beta1, 7.1.0.rc1, 7.1.0.rc2, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.3.2, 7.1.3.1, 7.0.8.1, 6.1.7.7, 7.1.3.3, 7.0.8.2, 7.0.8.3, 7.2.0.beta1, 7.2.0.beta2, 7.1.3.4, 7.0.8.4, 6.1.7.8, 7.2.0.beta3, 7.2.0.rc1, 7.2.0, 7.2.1, 7.1.4, 8.0.0.beta1, 7.2.1.1, 7.1.4.1, 7.0.8.5, 6.1.7.9, 8.0.0.rc1, 7.2.1.2, 7.1.4.2, 7.0.8.6, 6.1.7.10, 8.0.0.rc2, 7.2.2, 7.1.5, 8.0.0]
Recommendation:
Update to version 8.0.0.
Published date: 2013-02-11
Framework: rails
CVE: 2013-0277
CVSS V2: 10.0
ActiveRecord in Ruby on Rails before 2.3.17 and 3.x before 3.1.0 allows
remote attackers to cause a denial of service or execute arbitrary code via crafted
serialized attributes that cause the +serialize+ helper to deserialize arbitrary
YAML.
Affected versions:
["3.1.0.rc8", "3.1.0.rc6", "3.1.0.rc5", "3.1.0.rc4", "3.1.0.rc3", "3.1.0.rc2", "3.1.0.rc1", "3.1.0.beta1", "3.0.20", "3.0.19", "3.0.18", "3.0.17", "3.0.16", "3.0.15", "3.0.14", "3.0.13", "3.0.13.rc1", "3.0.12", "3.0.12.rc1", "3.0.11", "3.0.10", "3.0.10.rc1", "3.0.9", "3.0.9.rc5", "3.0.9.rc4", "3.0.9.rc3", "3.0.9.rc1", "3.0.8", "3.0.8.rc4", "3.0.8.rc2", "3.0.8.rc1", "3.0.7", "3.0.7.rc2", "3.0.7.rc1", "3.0.6", "3.0.6.rc2", "3.0.6.rc1", "3.0.5", "3.0.5.rc1", "3.0.4", "3.0.4.rc1", "3.0.3", "3.0.2", "3.0.1", "3.0.0", "3.0.0.rc2", "3.0.0.rc", "3.0.0.beta4", "3.0.0.beta3", "3.0.0.beta2", "3.0.0.beta", "2.2.3", "2.2.2", "2.1.2", "2.1.1", "2.1.0", "2.0.5", "2.0.4", "2.0.2", "2.0.1", "2.0.0", "1.15.6", "1.15.5", "1.15.4", "1.15.3", "1.15.2", "1.15.1", "1.15.0", "1.14.4", "1.14.3", "1.14.2", "1.14.1", "1.14.0", "1.13.2", "1.13.1", "1.13.0", "1.12.2", "1.12.1", "1.11.1", "1.11.0", "1.10.1", "1.10.0", "1.9.1", "1.9.0", "1.8.0", "1.7.0", "1.6.0", "1.5.1", "1.5.0", "1.4.0", "1.3.0", "1.2.0", "1.1.0", "1.0.0"]
Secure versions:
[7.0.4.1, 6.1.7.1, 7.0.4.2, 6.1.7.2, 7.0.4.3, 6.1.7.3, 7.0.5, 7.0.5.1, 6.1.7.4, 7.0.6, 7.0.7, 7.0.7.2, 7.0.7.1, 6.1.7.6, 6.1.7.5, 7.0.8, 7.1.0.beta1, 7.1.0.rc1, 7.1.0.rc2, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.3.2, 7.1.3.1, 7.0.8.1, 6.1.7.7, 7.1.3.3, 7.0.8.2, 7.0.8.3, 7.2.0.beta1, 7.2.0.beta2, 7.1.3.4, 7.0.8.4, 6.1.7.8, 7.2.0.beta3, 7.2.0.rc1, 7.2.0, 7.2.1, 7.1.4, 8.0.0.beta1, 7.2.1.1, 7.1.4.1, 7.0.8.5, 6.1.7.9, 8.0.0.rc1, 7.2.1.2, 7.1.4.2, 7.0.8.6, 6.1.7.10, 8.0.0.rc2, 7.2.2, 7.1.5, 8.0.0]
Recommendation:
Update to version 8.0.0.
Published date: 2014-07-02
Framework: rails
CVE: 2014-3482
SQL injection vulnerability in activerecord/lib/activerecord/connection adapters/postgresql_adapter.rb
in the PostgreSQL adapter for Active Record in Ruby on Rails 2.x and 3.x before
3.2.19 allows remote attackers to execute arbitrary SQL commands by leveraging improper
bitstring quoting. It was discovered that Active Record did not properly quote values
of the bitstring type attributes when using the PostgreSQL database adapter. A remote
attacker could possibly use this flaw to conduct an SQL injection attack against
applications using Active Record.
Affected versions:
["4.0.0.rc2", "4.0.0.rc1", "4.0.0.beta1", "3.1.12", "3.1.11", "3.1.10", "3.1.9", "3.1.8", "3.1.7", "3.1.6", "3.1.5", "3.1.5.rc1", "3.1.4", "3.1.4.rc1", "3.1.3", "3.1.2", "3.1.2.rc2", "3.1.2.rc1", "3.1.1", "3.1.1.rc3", "3.1.1.rc2", "3.1.1.rc1", "3.1.0", "3.1.0.rc8", "3.1.0.rc6", "3.1.0.rc5", "3.1.0.rc4", "3.1.0.rc3", "3.1.0.rc2", "3.1.0.rc1", "3.1.0.beta1", "3.0.20", "3.0.19", "3.0.18", "3.0.17", "3.0.16", "3.0.15", "3.0.14", "3.0.13", "3.0.13.rc1", "3.0.12", "3.0.12.rc1", "3.0.11", "3.0.10", "3.0.10.rc1", "3.0.9", "3.0.9.rc5", "3.0.9.rc4", "3.0.9.rc3", "3.0.9.rc1", "3.0.8", "3.0.8.rc4", "3.0.8.rc2", "3.0.8.rc1", "3.0.7", "3.0.7.rc2", "3.0.7.rc1", "3.0.6", "3.0.6.rc2", "3.0.6.rc1", "3.0.5", "3.0.5.rc1", "3.0.4", "3.0.4.rc1", "3.0.3", "3.0.2", "3.0.1", "3.0.0", "3.0.0.rc2", "3.0.0.rc", "3.0.0.beta4", "3.0.0.beta3", "3.0.0.beta2", "3.0.0.beta", "2.3.18", "2.3.17", "2.3.16", "2.3.15", "2.3.14", "2.3.12", "2.3.11", "2.3.10", "2.3.9", "2.3.9.pre", "2.3.8", "2.3.8.pre1", "2.3.7", "2.3.6", "2.3.5", "2.3.4", "2.3.3", "2.3.2", "2.2.3", "2.2.2", "2.1.2", "2.1.1", "2.1.0", "2.0.5", "2.0.4", "2.0.2", "2.0.1", "2.0.0", "1.15.6", "1.15.5", "1.15.4", "1.15.3", "1.15.2", "1.15.1", "1.15.0", "1.14.4", "1.14.3", "1.14.2", "1.14.1", "1.14.0", "1.13.2", "1.13.1", "1.13.0", "1.12.2", "1.12.1", "1.11.1", "1.11.0", "1.10.1", "1.10.0", "1.9.1", "1.9.0", "1.8.0", "1.7.0", "1.6.0", "1.5.1", "1.5.0", "1.4.0", "1.3.0", "1.2.0", "1.1.0", "1.0.0"]
Secure versions:
[7.0.4.1, 6.1.7.1, 7.0.4.2, 6.1.7.2, 7.0.4.3, 6.1.7.3, 7.0.5, 7.0.5.1, 6.1.7.4, 7.0.6, 7.0.7, 7.0.7.2, 7.0.7.1, 6.1.7.6, 6.1.7.5, 7.0.8, 7.1.0.beta1, 7.1.0.rc1, 7.1.0.rc2, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.3.2, 7.1.3.1, 7.0.8.1, 6.1.7.7, 7.1.3.3, 7.0.8.2, 7.0.8.3, 7.2.0.beta1, 7.2.0.beta2, 7.1.3.4, 7.0.8.4, 6.1.7.8, 7.2.0.beta3, 7.2.0.rc1, 7.2.0, 7.2.1, 7.1.4, 8.0.0.beta1, 7.2.1.1, 7.1.4.1, 7.0.8.5, 6.1.7.9, 8.0.0.rc1, 7.2.1.2, 7.1.4.2, 7.0.8.6, 6.1.7.10, 8.0.0.rc2, 7.2.2, 7.1.5, 8.0.0]
Recommendation:
Update to version 8.0.0.
Published date: 2022-07-12
Framework: rails
CVE: 2022-32224
CVSS V3: 9.8
There is a possible escalation to RCE when using YAML serialized columns in
Active Record. This vulnerability has been assigned the CVE identifier
CVE-2022-32224.
Versions Affected: All.
Not affected: None
Fixed Versions: 7.0.3.1, 6.1.6.1, 6.0.5.1, 5.2.8.1
Impact
When serialized columns that use YAML (the default) are deserialized, Rails
uses YAML.unsafe_load
to convert the YAML data in to Ruby objects. If an
attacker can manipulate data in the database (via means like SQL injection),
then it may be possible for the attacker to escalate to an RCE.
Impacted Active Record models will look something like this:
class User < ApplicationRecord
serialize :options # Vulnerable: Uses YAML for serialization
serialize :values, Array # Vulnerable: Uses YAML for serialization
serialize :values, JSON # Not vulnerable
end
All users running an affected release should either upgrade or use one of the
workarounds immediately.
Releases
The FIXED releases are available at the normal locations.
The released versions change the default YAML deserializer to use
YAML.safe_load
, which prevents deserialization of possibly dangerous
objects. This may introduce backwards compatibility issues with existing
data.
In order to cope with that situation, the released version also contains two
new Active Record configuration options. The configuration options are as
follows:
config.active_record.use_yaml_unsafe_load
When set to true, this configuration option tells Rails to use the old
unsafe YAML loading strategy, maintaining the existing behavior but leaving
the possible escalation vulnerability in place. Setting this option to true
is not recommended, but can aid in upgrading.
config.active_record.yaml_column_permitted_classes
The safe YAML loading method does not allow all classes to be deserialized
by default. This option allows you to specify classes deemed safe in your
application. For example, if your application uses Symbol and Time in
serialized data, you can add Symbol and Time to the allowed list as follows:
config.active_record.yaml_column_permitted_classes = [Symbol, Date, Time]
Workarounds
There are no feasible workarounds for this issue, but other coders (such as
JSON) are not impacted.
Affected versions:
["5.1.7", "5.1.7.rc1", "5.1.6.2", "5.1.6.1", "5.1.6", "5.1.5", "5.1.5.rc1", "5.1.4", "5.1.4.rc1", "5.1.3", "5.1.3.rc3", "5.1.3.rc2", "5.1.3.rc1", "5.1.2", "5.1.2.rc1", "5.1.1", "5.1.0", "5.1.0.rc2", "5.1.0.rc1", "5.1.0.beta1", "5.0.7.2", "5.0.7.1", "5.0.7", "5.0.6", "5.0.6.rc1", "5.0.5", "5.0.5.rc2", "5.0.5.rc1", "5.0.4", "5.0.4.rc1", "5.0.3", "5.0.2", "5.0.2.rc1", "5.0.1", "5.0.1.rc2", "5.0.1.rc1", "5.0.0.1", "5.0.0", "5.0.0.rc2", "5.0.0.rc1", "5.0.0.racecar1", "5.0.0.beta4", "5.0.0.beta3", "5.0.0.beta2", "5.0.0.beta1.1", "5.0.0.beta1", "4.2.11.3", "4.2.11.2", "4.2.11.1", "4.2.11", "4.2.10", "4.2.10.rc1", "4.2.9", "4.2.9.rc2", "4.2.9.rc1", "4.2.8", "4.2.8.rc1", "4.2.7.1", "4.2.7", "4.2.7.rc1", "4.2.6", "4.2.6.rc1", "4.2.5.2", "4.2.5.1", "4.2.5", "4.2.5.rc2", "4.2.5.rc1", "4.2.4", "4.2.4.rc1", "4.2.3", "4.2.3.rc1", "4.2.2", "4.2.1", "4.2.1.rc4", "4.2.1.rc3", "4.2.1.rc2", "4.2.1.rc1", "4.2.0", "4.2.0.rc3", "4.2.0.rc2", "4.2.0.rc1", "4.2.0.beta4", "4.2.0.beta3", "4.2.0.beta2", "4.2.0.beta1", "4.1.16", "4.1.16.rc1", "4.1.15", "4.1.15.rc1", "4.1.14.2", "4.1.14.1", "4.1.14", "4.1.14.rc2", "4.1.14.rc1", "4.1.13", "4.1.13.rc1", "4.1.12", "4.1.12.rc1", "4.1.11", "4.1.10", "4.1.10.rc4", "4.1.10.rc3", "4.1.10.rc2", "4.1.10.rc1", "4.1.9", "4.1.9.rc1", "4.1.8", "4.1.7.1", "4.1.7", "4.1.6", "4.1.6.rc2", "4.1.6.rc1", "4.1.5", "4.1.4", "4.1.3", "4.1.2", "4.1.2.rc3", "4.1.2.rc2", "4.1.2.rc1", "4.1.1", "4.1.0", "4.1.0.rc2", "4.1.0.rc1", "4.1.0.beta2", "4.1.0.beta1", "4.0.13", "4.0.13.rc1", "4.0.12", "4.0.11.1", "4.0.11", "4.0.10", "4.0.10.rc2", "4.0.10.rc1", "4.0.9", "4.0.8", "4.0.7", "4.0.6", "4.0.6.rc3", "4.0.6.rc2", "4.0.6.rc1", "4.0.5", "4.0.4", "4.0.4.rc1", "4.0.3", "4.0.2", "4.0.1", "4.0.1.rc4", "4.0.1.rc3", "4.0.1.rc2", "4.0.1.rc1", "4.0.0", "4.0.0.rc2", "4.0.0.rc1", "4.0.0.beta1", "3.2.22.5", "3.2.22.4", "3.2.22.3", "3.2.22.2", "3.2.22.1", "3.2.22", "3.2.21", "3.2.20", "3.2.19", "3.2.18", "3.2.17", "3.2.16", "3.2.15", "3.2.15.rc3", "3.2.15.rc2", "3.2.15.rc1", "3.2.14", "3.2.14.rc2", "3.2.14.rc1", "3.2.13", "3.2.13.rc2", "3.2.13.rc1", "3.2.12", "3.2.11", "3.2.10", "3.2.9", "3.2.9.rc3", "3.2.9.rc2", "3.2.9.rc1", "3.2.8", "3.2.8.rc2", "3.2.8.rc1", "3.2.7", "3.2.7.rc1", "3.2.6", "3.2.5", "3.2.4", "3.2.4.rc1", "3.2.3", "3.2.3.rc2", "3.2.3.rc1", "3.2.2", "3.2.2.rc1", "3.2.1", "3.2.0", "3.2.0.rc2", "3.2.0.rc1", "3.1.12", "3.1.11", "3.1.10", "3.1.9", "3.1.8", "3.1.7", "3.1.6", "3.1.5", "3.1.5.rc1", "3.1.4", "3.1.4.rc1", "3.1.3", "3.1.2", "3.1.2.rc2", "3.1.2.rc1", "3.1.1", "3.1.1.rc3", "3.1.1.rc2", "3.1.1.rc1", "3.1.0", "3.1.0.rc8", "3.1.0.rc6", "3.1.0.rc5", "3.1.0.rc4", "3.1.0.rc3", "3.1.0.rc2", "3.1.0.rc1", "3.1.0.beta1", "3.0.20", "3.0.19", "3.0.18", "3.0.17", "3.0.16", "3.0.15", "3.0.14", "3.0.13", "3.0.13.rc1", "3.0.12", "3.0.12.rc1", "3.0.11", "3.0.10", "3.0.10.rc1", "3.0.9", "3.0.9.rc5", "3.0.9.rc4", "3.0.9.rc3", "3.0.9.rc1", "3.0.8", "3.0.8.rc4", "3.0.8.rc2", "3.0.8.rc1", "3.0.7", "3.0.7.rc2", "3.0.7.rc1", "3.0.6", "3.0.6.rc2", "3.0.6.rc1", "3.0.5", "3.0.5.rc1", "3.0.4", "3.0.4.rc1", "3.0.3", "3.0.2", "3.0.1", "3.0.0", "3.0.0.rc2", "3.0.0.rc", "3.0.0.beta4", "3.0.0.beta3", "3.0.0.beta2", "3.0.0.beta", "2.3.18", "2.3.17", "2.3.16", "2.3.15", "2.3.14", "2.3.12", "2.3.11", "2.3.10", "2.3.9", "2.3.9.pre", "2.3.8", "2.3.8.pre1", "2.3.7", "2.3.6", "2.3.5", "2.3.4", "2.3.3", "2.3.2", "2.2.3", "2.2.2", "2.1.2", "2.1.1", "2.1.0", "2.0.5", "2.0.4", "2.0.2", "2.0.1", "2.0.0", "1.15.6", "1.15.5", "1.15.4", "1.15.3", "1.15.2", "1.15.1", "1.15.0", "1.14.4", "1.14.3", "1.14.2", "1.14.1", "1.14.0", "1.13.2", "1.13.1", "1.13.0", "1.12.2", "1.12.1", "1.11.1", "1.11.0", "1.10.1", "1.10.0", "1.9.1", "1.9.0", "1.8.0", "1.7.0", "1.6.0", "1.5.1", "1.5.0", "1.4.0", "1.3.0", "1.2.0", "1.1.0", "1.0.0", "7.0.0.alpha2", "7.0.0.alpha1", "7.0.0.rc1", "7.0.0.rc3", "7.0.0.rc2", "7.0.0", "7.0.1", "7.0.2", "7.0.2.2", "7.0.2.1", "7.0.2.3", "7.0.2.4", "7.0.3"]
Secure versions:
[7.0.4.1, 6.1.7.1, 7.0.4.2, 6.1.7.2, 7.0.4.3, 6.1.7.3, 7.0.5, 7.0.5.1, 6.1.7.4, 7.0.6, 7.0.7, 7.0.7.2, 7.0.7.1, 6.1.7.6, 6.1.7.5, 7.0.8, 7.1.0.beta1, 7.1.0.rc1, 7.1.0.rc2, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.3.2, 7.1.3.1, 7.0.8.1, 6.1.7.7, 7.1.3.3, 7.0.8.2, 7.0.8.3, 7.2.0.beta1, 7.2.0.beta2, 7.1.3.4, 7.0.8.4, 6.1.7.8, 7.2.0.beta3, 7.2.0.rc1, 7.2.0, 7.2.1, 7.1.4, 8.0.0.beta1, 7.2.1.1, 7.1.4.1, 7.0.8.5, 6.1.7.9, 8.0.0.rc1, 7.2.1.2, 7.1.4.2, 7.0.8.6, 6.1.7.10, 8.0.0.rc2, 7.2.2, 7.1.5, 8.0.0]
Recommendation:
Update to version 8.0.0.
Published date: 2023-01-18
Framework: rails
CVE: 2022-44566
CVSS V3: 7.5
There is a potential denial of service vulnerability present in
ActiveRecord’s PostgreSQL adapter.
This has been assigned the CVE identifier CVE-2022-44566.
Versions Affected: All.
Not affected: None.
Fixed Versions: 5.2.8.15 (Rails LTS), 6.1.7.1, 7.0.4.1
Impact
In ActiveRecord <7.0.4.1 and <6.1.7.1, when a value outside the range for a
64bit signed integer is provided to the PostgreSQL connection adapter, it
will treat the target column type as numeric. Comparing integer values
against numeric values can result in a slow sequential scan resulting in
potential Denial of Service.
Workarounds
Ensure that user supplied input which is provided to ActiveRecord clauses do
not contain integers wider than a signed 64bit representation or floats.
Affected versions:
["6.0.3.4", "6.0.3.3", "6.0.3.2", "6.0.3.1", "6.0.3", "6.0.3.rc1", "6.0.2.2", "6.0.2.1", "6.0.2", "6.0.2.rc2", "6.0.2.rc1", "6.0.1", "6.0.1.rc1", "6.0.0", "6.0.0.rc2", "6.0.0.rc1", "6.0.0.beta3", "6.0.0.beta2", "6.0.0.beta1", "5.1.7", "5.1.7.rc1", "5.1.6.2", "5.1.6.1", "5.1.6", "5.1.5", "5.1.5.rc1", "5.1.4", "5.1.4.rc1", "5.1.3", "5.1.3.rc3", "5.1.3.rc2", "5.1.3.rc1", "5.1.2", "5.1.2.rc1", "5.1.1", "5.1.0", "5.1.0.rc2", "5.1.0.rc1", "5.1.0.beta1", "5.0.7.2", "5.0.7.1", "5.0.7", "5.0.6", "5.0.6.rc1", "5.0.5", "5.0.5.rc2", "5.0.5.rc1", "5.0.4", "5.0.4.rc1", "5.0.3", "5.0.2", "5.0.2.rc1", "5.0.1", "5.0.1.rc2", "5.0.1.rc1", "5.0.0.1", "5.0.0", "5.0.0.rc2", "5.0.0.rc1", "5.0.0.racecar1", "5.0.0.beta4", "5.0.0.beta3", "5.0.0.beta2", "5.0.0.beta1.1", "5.0.0.beta1", "4.2.11.3", "4.2.11.2", "4.2.11.1", "4.2.11", "4.2.10", "4.2.10.rc1", "4.2.9", "4.2.9.rc2", "4.2.9.rc1", "4.2.8", "4.2.8.rc1", "4.2.7.1", "4.2.7", "4.2.7.rc1", "4.2.6", "4.2.6.rc1", "4.2.5.2", "4.2.5.1", "4.2.5", "4.2.5.rc2", "4.2.5.rc1", "4.2.4", "4.2.4.rc1", "4.2.3", "4.2.3.rc1", "4.2.2", "4.2.1", "4.2.1.rc4", "4.2.1.rc3", "4.2.1.rc2", "4.2.1.rc1", "4.2.0", "4.2.0.rc3", "4.2.0.rc2", "4.2.0.rc1", "4.2.0.beta4", "4.2.0.beta3", "4.2.0.beta2", "4.2.0.beta1", "4.1.16", "4.1.16.rc1", "4.1.15", "4.1.15.rc1", "4.1.14.2", "4.1.14.1", "4.1.14", "4.1.14.rc2", "4.1.14.rc1", "4.1.13", "4.1.13.rc1", "4.1.12", "4.1.12.rc1", "4.1.11", "4.1.10", "4.1.10.rc4", "4.1.10.rc3", "4.1.10.rc2", "4.1.10.rc1", "4.1.9", "4.1.9.rc1", "4.1.8", "4.1.7.1", "4.1.7", "4.1.6", "4.1.6.rc2", "4.1.6.rc1", "4.1.5", "4.1.4", "4.1.3", "4.1.2", "4.1.2.rc3", "4.1.2.rc2", "4.1.2.rc1", "4.1.1", "4.1.0", "4.1.0.rc2", "4.1.0.rc1", "4.1.0.beta2", "4.1.0.beta1", "4.0.13", "4.0.13.rc1", "4.0.12", "4.0.11.1", "4.0.11", "4.0.10", "4.0.10.rc2", "4.0.10.rc1", "4.0.9", "4.0.8", "4.0.7", "4.0.6", "4.0.6.rc3", "4.0.6.rc2", "4.0.6.rc1", "4.0.5", "4.0.4", "4.0.4.rc1", "4.0.3", "4.0.2", "4.0.1", "4.0.1.rc4", "4.0.1.rc3", "4.0.1.rc2", "4.0.1.rc1", "4.0.0", "4.0.0.rc2", "4.0.0.rc1", "4.0.0.beta1", "3.2.22.5", "3.2.22.4", "3.2.22.3", "3.2.22.2", "3.2.22.1", "3.2.22", "3.2.21", "3.2.20", "3.2.19", "3.2.18", "3.2.17", "3.2.16", "3.2.15", "3.2.15.rc3", "3.2.15.rc2", "3.2.15.rc1", "3.2.14", "3.2.14.rc2", "3.2.14.rc1", "3.2.13", "3.2.13.rc2", "3.2.13.rc1", "3.2.12", "3.2.11", "3.2.10", "3.2.9", "3.2.9.rc3", "3.2.9.rc2", "3.2.9.rc1", "3.2.8", "3.2.8.rc2", "3.2.8.rc1", "3.2.7", "3.2.7.rc1", "3.2.6", "3.2.5", "3.2.4", "3.2.4.rc1", "3.2.3", "3.2.3.rc2", "3.2.3.rc1", "3.2.2", "3.2.2.rc1", "3.2.1", "3.2.0", "3.2.0.rc2", "3.2.0.rc1", "3.1.12", "3.1.11", "3.1.10", "3.1.9", "3.1.8", "3.1.7", "3.1.6", "3.1.5", "3.1.5.rc1", "3.1.4", "3.1.4.rc1", "3.1.3", "3.1.2", "3.1.2.rc2", "3.1.2.rc1", "3.1.1", "3.1.1.rc3", "3.1.1.rc2", "3.1.1.rc1", "3.1.0", "3.1.0.rc8", "3.1.0.rc6", "3.1.0.rc5", "3.1.0.rc4", "3.1.0.rc3", "3.1.0.rc2", "3.1.0.rc1", "3.1.0.beta1", "3.0.20", "3.0.19", "3.0.18", "3.0.17", "3.0.16", "3.0.15", "3.0.14", "3.0.13", "3.0.13.rc1", "3.0.12", "3.0.12.rc1", "3.0.11", "3.0.10", "3.0.10.rc1", "3.0.9", "3.0.9.rc5", "3.0.9.rc4", "3.0.9.rc3", "3.0.9.rc1", "3.0.8", "3.0.8.rc4", "3.0.8.rc2", "3.0.8.rc1", "3.0.7", "3.0.7.rc2", "3.0.7.rc1", "3.0.6", "3.0.6.rc2", "3.0.6.rc1", "3.0.5", "3.0.5.rc1", "3.0.4", "3.0.4.rc1", "3.0.3", "3.0.2", "3.0.1", "3.0.0", "3.0.0.rc2", "3.0.0.rc", "3.0.0.beta4", "3.0.0.beta3", "3.0.0.beta2", "3.0.0.beta", "2.3.18", "2.3.17", "2.3.16", "2.3.15", "2.3.14", "2.3.12", "2.3.11", "2.3.10", "2.3.9", "2.3.9.pre", "2.3.8", "2.3.8.pre1", "2.3.7", "2.3.6", "2.3.5", "2.3.4", "2.3.3", "2.3.2", "2.2.3", "2.2.2", "2.1.2", "2.1.1", "2.1.0", "2.0.5", "2.0.4", "2.0.2", "2.0.1", "2.0.0", "1.15.6", "1.15.5", "1.15.4", "1.15.3", "1.15.2", "1.15.1", "1.15.0", "1.14.4", "1.14.3", "1.14.2", "1.14.1", "1.14.0", "1.13.2", "1.13.1", "1.13.0", "1.12.2", "1.12.1", "1.11.1", "1.11.0", "1.10.1", "1.10.0", "1.9.1", "1.9.0", "1.8.0", "1.7.0", "1.6.0", "1.5.1", "1.5.0", "1.4.0", "1.3.0", "1.2.0", "1.1.0", "1.0.0", "6.0.3.5", "6.0.3.6", "6.0.3.7", "6.0.4", "6.0.4.1", "7.0.0.alpha2", "7.0.0.alpha1", "7.0.0.rc1", "7.0.0.rc3", "7.0.0.rc2", "6.0.4.3", "6.0.4.2", "6.0.4.4", "7.0.0", "7.0.1", "7.0.2", "7.0.2.2", "7.0.2.1", "6.0.4.6", "6.0.4.5", "7.0.2.3", "6.0.4.7", "7.0.2.4", "6.0.4.8", "7.0.3", "6.0.5", "7.0.3.1", "6.0.5.1", "7.0.4", "6.0.6", "6.0.6.1"]
Secure versions:
[7.0.4.1, 6.1.7.1, 7.0.4.2, 6.1.7.2, 7.0.4.3, 6.1.7.3, 7.0.5, 7.0.5.1, 6.1.7.4, 7.0.6, 7.0.7, 7.0.7.2, 7.0.7.1, 6.1.7.6, 6.1.7.5, 7.0.8, 7.1.0.beta1, 7.1.0.rc1, 7.1.0.rc2, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.3.2, 7.1.3.1, 7.0.8.1, 6.1.7.7, 7.1.3.3, 7.0.8.2, 7.0.8.3, 7.2.0.beta1, 7.2.0.beta2, 7.1.3.4, 7.0.8.4, 6.1.7.8, 7.2.0.beta3, 7.2.0.rc1, 7.2.0, 7.2.1, 7.1.4, 8.0.0.beta1, 7.2.1.1, 7.1.4.1, 7.0.8.5, 6.1.7.9, 8.0.0.rc1, 7.2.1.2, 7.1.4.2, 7.0.8.6, 6.1.7.10, 8.0.0.rc2, 7.2.2, 7.1.5, 8.0.0]
Recommendation:
Update to version 8.0.0.
489 Other Versions