Declare a dependency only on protected versions of a gem

My gem depends on ActiveSupport and has been tested successfully with ActiveSupport 3.2, 4.1 and 4.2.

Some versions of ActiveSupport have the CVE-2015-3227 vulnerability and I want to exclude these versions from my dependency declaration.

The dependency is currently declared like this:

spec.add_runtime_dependency 'activesupport', '>= 3.2.22', '< 5'

but this includes the insecure versions of ActiveSupport 4.1 and 4.2.

Is there a way to exclude these unsafe versions from the dependency?

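RubyGems has no operator for "everything in this range except that sub-range", but every constraint handed to a dependency is ANDed together, so individual versions can be carved out with `!=` constraints next to the existing `>=`/`<` bounds. The following added example (not code from the question or from RubyGems itself) builds such a requirement with the stdlib `Gem::Requirement` and `Gem::Version` classes and checks candidate versions against both the declaration in the question and the hardened one. The list of excluded versions is a constructed placeholder: the question does not list which 4.1.x and 4.2.x releases are affected, so the real values have to come from the advisory.

```ruby
require 'rubygems'

# The requirement exactly as declared in the question's gemspec.
BASE_CONSTRAINTS = ['>= 3.2.22', '< 5'].freeze

# Constructed placeholder list of versions to exclude. Replace with the
# affected ActiveSupport releases taken from the CVE-2015-3227 advisory.
EXCLUDED_VERSIONS = %w[4.1.0 4.1.1 4.2.0 4.2.1].freeze

# Each excluded version becomes one '!= x.y.z' constraint; because all
# constraints of a requirement are ANDed, this removes exactly those versions.
def exclusion_constraints(versions)
  versions.map { |v| "!= #{v}" }
end

# The hardened requirement: original bounds plus the per-version exclusions.
def safe_requirement(excluded = EXCLUDED_VERSIONS)
  Gem::Requirement.new(*BASE_CONSTRAINTS, *exclusion_constraints(excluded))
end

# Does a given version string satisfy the hardened requirement?
def allowed?(version_string, requirement = safe_requirement)
  requirement.satisfied_by?(Gem::Version.new(version_string))
end

# The original '>= 3.2.22', '< 5' declaration, for comparison.
def original_allowed?(version_string)
  Gem::Requirement.new(*BASE_CONSTRAINTS).satisfied_by?(Gem::Version.new(version_string))
end

if __FILE__ == $PROGRAM_NAME
  # Constructed candidate versions, including ones below, inside and above the bounds.
  %w[3.2.21 3.2.22 4.1.0 4.1.11 4.2.1 4.2.2 5.0.0].each do |v|
    puts format('%-8s original: %-5s hardened: %s', v, original_allowed?(v), allowed?(v))
  end
end
```

In a gemspec the same constraint list can be passed straight through, e.g. `spec.add_runtime_dependency 'activesupport', *BASE_CONSTRAINTS, *exclusion_constraints(EXCLUDED_VERSIONS)`; the resulting dependency line in the built gem simply carries every constraint. The design trade-off is that the exclusion list is enumerated by hand, so it silently admits any affected version that is missing from it, which is why the list should be copied from the advisory rather than guessed.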