Two vulnerabilities were discovered in rails, the Ruby based server-side MVC web application framework, which could lead to XSS and DOM based cross-site scripting (CRS). This update also fixes a regression introduced in previous update that may block certain access for applications using development environment. For the stable distribution (bullseye), these problems have been fixed in version 2:6.0.3.7+dfsg-2+deb11u2. We recommend that you upgrade your rails packages. For the detailed security status of rails please refer to its security tracker page at: security-tracker.debian.org/tracker/rails