CVE-2020-8185 (https://nvd.nist.gov/vuln/detail/CVE-2020-8185): A denial of service vulnerability exists in Rails <6.0.3.2 that allowed an untrusted user to run any pending migrations on a Rails app running in production.
"Versions Affected: 6.0.0 < rails < 6.0.3.2 Not affected: Applications with `config.action_dispatch.show_exceptions = false` (this is not a default setting in production) Fixed Versions: rails >= 6.0.3.2" So, actually, we're not affected by this. Already clean.