Resolved Bugs
1233327 – CVE-2015-3224 rubygem-web-console: IP whitelist bypass in Web Console
1233340 – CVE-2015-3224 rubygem-web-console: IP whitelist bypass in Web Console [fedora-all]<br
Security fix for CVE-2015-3224. Please note that since the security fix was not really backportable, I opted in for rebase.

**1.1.20** – 9 June 2015. Fix for a potential security vulnerability arising from unescaped double-quote character in single-quoted attribute value of some deprecated elements when tag transformation is enabled; recognition for non-(HTML4) standard ‘allowfullscreen’ attribute of ‘iframe.’

Resolved Bugs
1233334 – CVE-2015-1840 rubygem-jquery-rails: CSRF Vulnerability in jquery-ujs and jquery-rails
1233336 – CVE-2015-1840 rubygem-jquery-rails: CSRF Vulnerability in jquery-ujs and jquery-rails [fedora-all]<br
Security fix for CVE-2015-1840