A vulnerability affecting the json gem has been found. A detailed explanation can be found at the Rails security mailing list.
This is not an isolated Rails issue, as it affects a third-party library. It affects all users of the json gem. This gem might be pulled in as a dependency of other libraries in use. You can check whether your application uses the json gem by running:
We strongly urge all users of Padrino to upgrade their applications using:
bundle update json
to at least: 1.7.7, 1.6.8, 1.5.5.
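As an added example (not from the original post or from the json gem project), this Ruby check reads the json versions resolved in a Gemfile.lock and compares each one with the fixed release for its release line. The lockfile sample is constructed, and treating lines older than 1.5 as needing an upgrade and lines newer than 1.7 as fixed is an assumption.

```ruby
require "rubygems" # provides Gem::Version

# Minimum fixed json release per release line, as listed in this post.
FIXED = {
  "1.5" => Gem::Version.new("1.5.5"),
  "1.6" => Gem::Version.new("1.6.8"),
  "1.7" => Gem::Version.new("1.7.7"),
}.freeze

# Constructed sample lockfile; "some-library" is a hypothetical gem.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      json (1.7.5)
      multi_json (1.5.0)
      some-library (0.1.0)
        json (>= 1.4)

  DEPENDENCIES
    json
    some-library
LOCK

# Resolved specs sit at exactly four spaces of indentation; the deeper
# "json (>= 1.4)" lines are only requirements declared by other gems.
def locked_json_versions(lockfile_text)
  lockfile_text.scan(/^ {4}json \(([^)\s]+)\)/).flatten
end

# Returns :patched or :upgrade for one locked version string.
def json_status(version_string)
  # Drop a platform suffix such as "-java" before comparing.
  version = Gem::Version.new(version_string.split("-").first)
  line = version.segments.first(2).join(".")
  return version >= FIXED[line] ? :patched : :upgrade if FIXED.key?(line)
  # Assumption: lines after 1.7 carry the fix; lines before 1.5 do not.
  version > FIXED["1.7"] ? :patched : :upgrade
end

if __FILE__ == $PROGRAM_NAME
  text = File.exist?("Gemfile.lock") ? File.read("Gemfile.lock") : SAMPLE_LOCK
  locked_json_versions(text).each { |v| puts "json #{v}: #{json_status(v)}" }
end
```

Run it from the application root; with no Gemfile.lock present it falls back to the constructed sample.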
Also, never use JSON.parse, except when you really know what you are doing.