On January 28th, the team behind the Ruby on Rails framework announced critical security vulnerabilities. Ruby on Rails is an open source web development framework which is used by Tableau Server, which is in turn affected by these vulnerabilities. You can read more about these vulnerabilities at http://weblog.rubyonrails.org. The Ruby on Rails team has released corrections to these vulnerabilities, which the Tableau Development team is incorporating into Tableau Server and is expecting to release version 7.0.13 including the Ruby on Rails framework patches by end of day February 5, 2013.
7.0.13 Expected to release February 5, 2013.
It is critical that all internet-facing Tableau Servers be updated with the correction to this vulnerability, and we recommend all on-premise Tableau Servers be upgraded as soon as possible after the release on February 5th. Our version 7.0.13 is the release which has this correction. There is no way to independently update just the Ruby on Rails framework in an existing Tableau Server installation. You are required to move to the full maintenance release update.
To perform the upgrade, first complete the Pre-Upgrade Checklist procedures and then follow the steps outlined in the Upgrading Tableau Server article.