[ANN] Rails version 3.2.4 has been released!

Good news everyone! Rails version 3.2.4 has been released.

This release of Rails contains two important security fixes:

  • CVE-2012-2660 Ruby on Rails Active Record Unsafe Query Generation
    Risk
  • CVE-2012-2661 Ruby on Rails Active Record SQL Injection
    Vulnerability

It is suggested that all users upgrade immediately. For more
information about
these issues, please see the annoumcenents on the rubyonrails-security
mailing list:

https://groups.google.com/group/rubyonrails-security

Specifically these announcements:

https://groups.google.com/group/rubyonrails-security/browse_thread/thread/f1203e3376acec0f
https://groups.google.com/group/rubyonrails-security/browse_thread/thread/7546a238e1962f59

Other changes for this release can be found in each component’s
CHANGELOG:

https://github.com/rails/rails/blob/3-2-stable/actionmailer/CHANGELOG.md
https://github.com/rails/rails/blob/3-2-stable/actionpack/CHANGELOG.md
https://github.com/rails/rails/blob/3-2-stable/activemodel/CHANGELOG.md
https://github.com/rails/rails/blob/3-2-stable/activerecord/CHANGELOG.md
https://github.com/rails/rails/blob/3-2-stable/activesupport/CHANGELOG.md
https://github.com/rails/rails/blob/3-2-stable/railties/CHANGELOG.md

All changes can be found here:

https://github.com/rails/rails/compare/v3.2.3...v3.2.4

I want to give a special thanks to Ben Murphy for responsibly reporting
the two
security issues that are fixed in this release. Thank you very much!

<3<3<3

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs