legacy-rails-CVE-2020-5267-patch

A patch for CVE-2020-5267 for Rails 4 and Rails 3. Upgrading Rails would definitely be better, but in the meantime if you're stuck on older versions of Rails, this provides the monkey patch noted in the security advisory packaged and tested as a gem.

Installation

Add this line to your application's Gemfile:

gem 'legacy-rails-CVE-2020-5267-patch'

And then execute:

$ bundle install