Advisories for Gem/Turbolinks package

XSS vulnerability for html files served up with Content-Disposition attachment headers.