Defect #27356

Confusing statements concerning fixed versions on Security Advisories wiki page

Added by Gregor Schmidt 18 days ago.

Status: New
Start date:
Priority: Normal
Due date:
Assignee: Jean-Philippe Lang
% Done: 0%
Category: Website (redmine.org)
Target version: -
Resolution:
Affected version:

Description

The "fixed versions" for two old Rails-related vulnerabilities listed on Security Advisories are very confusing.

Here's the relevant part of the table:

| Critical Ruby on Rails vulnerability (announcement) | All releases prior to 2.2.1 and 2.1.6 | Fix for 1.4.7 |
| Critical Ruby on Rails vulnerability (announcement) | All releases prior to 2.2.1 and 2.1.6 | 1.4.7 |

I assume the proper 'Fixed Versions' would be:

| Critical Ruby on Rails vulnerability (announcement) | All releases prior to 2.2.1 and 2.1.6 | 2.2.1, 2.1.6, Fix for 1.4.7 |
| Critical Ruby on Rails vulnerability (announcement) | All releases prior to 2.2.1 and 2.1.6 | 2.2.1, 2.1.6, 1.4.7 |

Though I am not absolutely sure if this change is correct - due to the confusing-ness of the current version.
