[danso]

There's actually two vulnerability announcements: https://groups.google.com/forum/?fromgroups=#!topic/rubyonra...

This one deals with problematic JSON parsing and affects only 3.x. It is dealt with in the release that fixes the other vulnerability