- Fix CVE-2016-0751 - Possible Object Leak and Denial of Service attack in Action Pack
- Fix CVE-2015-7581 - Object leak vulnerability for wildcard controller routes in Action Pack
- Fix CVE-2015-7576 - Timing attack vulnerability in basic authentication in Action Controller
- Fix CVE-2016-0752 - Possible Information Leak Vulnerability in Action View
- Fix CVE-2016-0753 - Possible Input Validation Circumvention in Active Model
- Fix CVE-2015-7577 - Nested attributes rejection proc bypass in Active Record
- Fix CVE-2015-7579 - XSS vulnerability in rails-html-sanitizer
- Fix CVE-2015-7578 - Possible XSS vulnerability in rails-html-sanitizer