Ruby on Rails has released version 3.1.2 to fix an XSS (cross-site scripting) vulnerability in the translate helper method, which may allow an attacker to insert arbitrary code into a page.
Affected Versions:
3.0.0 and later, 2.3.X in combination with the rails_xss plugin
Solution:
Upgrade to version 3.0.11 or 3.1.2 or use one of the workarounds immediately.
Vulnerability Description:
Ruby on Rails has a helper method for i18n translations. This function has a convention whereby translation strings with a name ending in 'html' are considered HTML safe. There is also a mechanism for interpolation. It has been discovered that these 'html' strings allow arbitrary values to be contained in the interpolated input, and these values are not escaped.
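The following is an added example that models the described behaviour outside Rails (it is not Rails' own code): a minimal translate helper with the 'html' key convention, first interpolating values unescaped as the advisory describes, then escaping each interpolated value unless the caller explicitly marked it as safe. The translation table, SafeString class and function names are constructed for illustration.

```ruby
require 'cgi'

# Constructed translation table standing in for a Rails locale file.
TRANSLATIONS = {
  'greeting_html' => 'Welcome back, <strong>%{name}</strong>!',
  'greeting'      => 'Welcome back, %{name}!'
}.freeze

# Minimal stand-in for Rails' SafeBuffer: a String that remembers
# it is trusted markup and must not be escaped again.
class SafeString < String
  def html_safe?
    true
  end
end

def trusted_markup?(value)
  value.is_a?(SafeString)
end

# The convention from the advisory: keys ending in 'html' are treated
# as trusted markup and returned without escaping the whole string.
def html_key?(key)
  key == 'html' || key.end_with?('_html')
end

# Pre-fix behaviour: interpolation values are dropped straight into the
# trusted string, so untrusted input becomes part of the markup.
def translate_vulnerable(key, values = {})
  out = TRANSLATIONS.fetch(key) % values   # %{name} -> values[:name]
  html_key?(key) ? SafeString.new(out) : CGI.escapeHTML(out)
end

# Post-fix behaviour: every interpolated value is HTML-escaped unless
# the caller passed something already marked as safe.
def translate_fixed(key, values = {})
  text = TRANSLATIONS.fetch(key)
  return CGI.escapeHTML(text % values) unless html_key?(key)

  escaped = values.transform_values do |v|
    trusted_markup?(v) ? v.to_s : CGI.escapeHTML(v.to_s)
  end
  SafeString.new(text % escaped)
end

# Constructed untrusted input, e.g. a user-chosen display name.
UNTRUSTED_NAME = '<b>Eve</b>'

puts translate_vulnerable('greeting_html', name: UNTRUSTED_NAME)  # markup leaks through
puts translate_fixed('greeting_html', name: UNTRUSTED_NAME)       # markup is escaped
```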