[CVE-2015-3225] Potential Denial of Service Vulnerability in Rack https://groups.google.com/d/msg/rubyonrails-security/gcUbICUmKMc/qiCotVZwXrMJ
[CVE-2015-1840] CSRF Vulnerability in jquery-ujs and jquery-rails https://groups.google.com/d/msg/rubyonrails-security/XIZPbobuwaY/fqnzzpuOlA4J
[CVE-2015-3226] XSS Vulnerability in ActiveSupport::JSON.encode https://groups.google.com/d/msg/rubyonrails-security/7VlB_pck3hU/3QZrGIaQW6cJ
[CVE-2015-3224] IP whitelist bypass in Web Console https://groups.google.com/d/msg/rubyonrails-security/lzmz9_ijUFw/HBMPi4zp5NAJ
[CVE-2015-3227] Possible Denial of Service attack in Active Support https://gist.github.com/tenderlove/f2a606459f6027f583c9