Defect #27356

open

Confusing statements concerning fixed versions on Security Advisories wiki page

Added by Gregor Schmidt over 6 years ago. Updated over 6 years ago.

Status: Needs feedback
Priority: Normal
Category: Website (redmine.org)
Target version: -
Start date:
Due date:
% Done: 0%

Estimated time:
Resolution:
Affected version:

Description

The "fixed versions" for two old Rails-related vulnerabilities listed on Security Advisories are very confusing.

Here's the relevant part of the table:

| Critical Ruby on Rails vulnerability (announcement) | All releases prior to 2.2.1 and 2.1.6 | Fix for 1.4.7 |
| Critical Ruby on Rails vulnerability (announcement) | All releases prior to 2.2.1 and 2.1.6 | 1.4.7 |

I assume the proper 'Fixed Versions' would be:

| Critical Ruby on Rails vulnerability (announcement) | All releases prior to 2.2.1 and 2.1.6 | 2.2.1, 2.1.6, Fix for 1.4.7 |
| Critical Ruby on Rails vulnerability (announcement) | All releases prior to 2.2.1 and 2.1.6 | 2.2.1, 2.1.6, 1.4.7 |

Though I am not absolutely sure if this change is correct, due to the confusingness of the current version.
