# Reports CVE-2011-0447 (flawed CSRF protection) at most once per checker
# instance, when the application's Rails version is in an affected range.
#
# Ranges tested and the release recommended for each:
#   "2.1.0" .. "2.3.10"  -> "2.3.11"
#   "3.0.0" .. "3.0.3"   -> "3.0.4"
#
# The decision is based on the version number alone: nothing in this method
# looks for a backported patch, so a manually patched application inside one
# of these ranges is still reported (hence "or apply patches as needed").
#
# NOTE(review): version_between? is defined outside this block; the bounds
# are presumably inclusive - confirm against its definition.
#
# @return [Object, nil] whatever csrf_warning returns when a warning is
#   issued; nil when the version is unaffected or a warning was already sent
def check_cve_2011_0447
  # Initialise the guard flag on first use, then bail out if already reported.
  @warned_cve_2011_0447 ||= false
  return if @warned_cve_2011_0447

  upgrade_to =
    if version_between? "2.1.0", "2.3.10"
      "2.3.11"
    elsif version_between? "3.0.0", "3.0.3"
      "3.0.4"
    end
  return unless upgrade_to

  # Set before emitting so a repeated call cannot produce a duplicate warning.
  @warned_cve_2011_0447 = true

  message = msg(
    "CSRF protection is flawed in unpatched versions of ",
    msg_version(rails_version),
    " ",
    msg_cve("CVE-2011-0447"),
    ". Upgrade to ",
    msg_version(upgrade_to),
    " or apply patches as needed"
  )

  # file is nil: the finding is attributed to the dependency information
  # (gem_info), not to a particular source file.
  csrf_warning(
    warning_code: :CVE_2011_0447,
    message: message,
    gem_info: gemfile_or_environment,
    file: nil,
    link_path: "https://groups.google.com/d/topic/rubyonrails-security/LZWjzCPgNmU/discussion"
  )
end