Project

General

Profile

Actions

Defect #27356

closed

Confusing statements concerning fixed versions on Security Advisories wiki page

Added by Gregor Schmidt about 7 years ago. Updated 5 months ago.

Status:
Closed
Priority:
Normal
Category:
Website (redmine.org)
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:
Fixed
Affected version:

Description

The "fixed versions" for two old Rails related vulnerabilities listed on Security Advisories are very confusing.

Here's the relevant part of the table:

Critical Ruby on Rails vulnerability (announcement) All releases prior to 2.2.1 and 2.1.6 Fix for 1.4.7
Critical Ruby on Rails vulnerability (announcement) All releases prior to 2.2.1 and 2.1.6 1.4.7

I assume the proper 'Fixed Versions' would be:

Critical Ruby on Rails vulnerability (announcement) All releases prior to 2.2.1 and 2.1.6 2.2.1, 2.1.6, Fix for 1.4.7
Critical Ruby on Rails vulnerability (announcement) All releases prior to 2.2.1 and 2.1.6 2.2.1, 2.1.6, 1.4.7

Though I am not absolutely sure, if this change is correct - due to the confusing-ness of the current version.

Actions

Also available in: Atom PDF