"A possible information disclosure / unintended method execution vulnerability in Action Pack >= 2.0.0 when using the `redirect_to` or `polymorphic_url`helper with untrusted user input."
https://github.com/rails/rails/releases/tag/v188.8.131.52 https://github.com/rails/rails/releases/tag/v5.2.6 https://github.com/rails/rails/releases/tag/v184.108.40.206 https://github.com/rails/rails/releases/tag/v220.127.116.11 https://groups.google.com/g/rubyonrails-security/c/NiQl-48cXYI
Fixed versions have been in the tree since May 7th.
(In reply to Hans de Graaff from comment #2)
> Fixed versions have been in the tree since May 7th.
Thanks! Please cleanup then
Thanks! All done.