Forum: Ruby on Rails [ANN] Rails 3.2.10, 3.1.9, and 3.0.18 have been released!

Posted by Aaron Patterson (tenderlove)
on 2013-01-02 22:29
(Received via mailing list)
Rails versions 3.2.10, 3.1.9, and 3.0.18 have been released.  These 
releases contain an important security fix.  It is recommended that 
**all users upgrade immediately**.

The security identifier is CVE-2012-5664, and you can read about the 
issue [here](add link).

For other changes in each particular release, please see the CHANGELOG 
corresponding to that version.  For all commits in each release, please 
follow the links below:

* [Changes in 3.2.10](https://github.com/rails/rails/compare/v3.2.9...v3.2.10)
* [Changes in 3.1.9](https://github.com/rails/rails/compare/v3.1.8...v3.1.9)
* [Changes in 3.0.18](https://github.com/rails/rails/compare/v3.0.17...v3.0.18)

We're sorry to drop a release like this so close to the holidays but 
regrettably the exploit has already been publicly disclosed and we don't 
feel we can delay the release.

To that end, we've minimized the number of changes in each release so 
that upgrading should be as smooth as possible.

Happy Holidays!

<3<3<3

--
Aaron Patterson
http://tenderlovemaking.com/
Posted by Aaron Patterson (tenderlove)
on 2013-01-02 22:36
(Received via mailing list)
On Wed, Jan 02, 2013 at 01:28:36PM -0800, Aaron Patterson wrote:
> Rails versions 3.2.10, 3.1.9, and 3.0.18 have been released.  These releases contain an important security fix.  It is recommended that **all users upgrade immediately**.
>
> The security identifier is CVE-2012-5664, and you can read about the issue [here](add link).

Oops!  Forgot the CVE link:

  https://groups.google.com/group/rubyonrails-securi...

Thanks for your patience!

--
Aaron Patterson
http://tenderlovemaking.com/
Posted by Hongli Lai (foobarwidget)
on 2013-01-03 14:17
(Received via mailing list)
This article explains how the vulnerability works, how it is triggered and what the facts are:
http://blog.phusion.nl/2013/01/03/rails-sql-inject...
Posted by Ariel Tal (Guest)
on 2013-02-24 22:35
(Received via mailing list)
It appears that the same fix has been applied to 2.3.15. Is that 
correct?

Thanks