Where I'll demonstrate some typical Ruby on Rails gotchas on a real project:
https://github.blog/2023-07-28-closing-vulnerabilities-in-decidim-a-ruby-based-citizen-participation-platform/

A.) Why you shouldn't feed user-submitted content to link_to (CVE-2023-32693).
B.) Why you shouldn't match strings with ^ and $ when using Regex.
C.) ??? (CVE-2023-34090)
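Item B, as an added illustration that is not part of the original post or the linked article: in Ruby, `^` and `$` anchor to line boundaries, not to the whole string, so a pattern that looks anchored still accepts multi-line input. The usernames and validator functions below are constructed for the demonstration.

```ruby
# Added example (not from the linked post): why ^ and $ are the wrong anchors
# for validating a whole string in Ruby.
#
# In Ruby, ^ and $ match at the start and end of any LINE inside the string,
# so a multi-line input can satisfy an "anchored" pattern while carrying
# arbitrary extra content on other lines. \A and \z anchor to the whole string.

LINE_ANCHORED   = /^[a-z0-9_]+$/     # looks anchored, but is per-line
STRING_ANCHORED = /\A[a-z0-9_]+\z/   # anchored to the entire string

# The "gotcha" validator: true if the pattern matches on ANY line.
def valid_username_line_anchored?(input)
  LINE_ANCHORED.match?(input)
end

# The correct validator: the whole string must be a single token.
def valid_username_string_anchored?(input)
  STRING_ANCHORED.match?(input)
end

# Constructed sample inputs with the verdict a whole-string check should give.
SAMPLES = {
  "alice"                     => true,
  "alice\n<script>x</script>" => false,  # payload smuggled on a second line
  "<b>\nalice"                => false,  # payload on the first line
  "alice\n"                   => false,  # trailing newline: $ accepts, \z rejects
}

# Runs both validators over the samples and reports the results side by side.
def compare_anchors(samples = SAMPLES)
  samples.map do |input, expected|
    {
      input: input,
      expected: expected,
      line_anchored: valid_username_line_anchored?(input),
      string_anchored: valid_username_string_anchored?(input),
    }
  end
end

if $PROGRAM_NAME == __FILE__
  compare_anchors.each do |r|
    printf("%-30p line-anchored=%-5s string-anchored=%-5s expected=%s\n",
           r[:input], r[:line_anchored], r[:string_anchored], r[:expected])
  end
end
```

The same holds for Rails `validates :format` patterns: Rails refuses `^`/`$` there precisely because of this, unless `multiline: true` is passed explicitly.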

Closing vulnerabilities in Decidim, a Ruby-based citizen participation platform - The GitHub Blog

This blog post describes two security vulnerabilities in Decidim, a digital platform for citizen participation. Both vulnerabilities were addressed by the Decidim team with corresponding update releases for the supported versions in May 2023.
