All current versions of the Ruby on Rails Web framework (even those updated just last week) have multiple vulnerabilities in parameter parsing that could allow an attacker to bypass authentication systems, inject arbitrary SQL, inject and execute arbitrary code, or perform a denial of service attack on a Rails application.
Due to the critical nature of these vulnerabilities, all users running an affected release should either upgrade (again) or use one of the workarounds listed at the URL below immediately.
The maintainers of Ruby on Rails have released new versions that fix the
flaws, 3.2.11, 3.1.10 and 3.0.19. More information is available at