The go-to resource for upgrading Ruby, Rails, and your dependencies.
An analysis of CVE-2008-7248, a vulnerability in Ruby on Rails ActionPack that allowed attackers to bypass Cross-Site Request Forgery (CSRF) protection using the text/plain content type.
Mar 15, 2026