Good news everyone! Rails version 3.2.4 has been released.
This release of Rails contains two important security fixes:
- CVE-2012-2660 Ruby on Rails Active Record Unsafe Query Generation
- CVE-2012-2661 Ruby on Rails Active Record SQL Injection
It is suggested that all users upgrade immediately. For more information on
these issues, please see the announcements on the rubyonrails-security
Specifically these announcements:
Other changes for this release can be found in each component’s
All changes can be found here:
I want to give a special thanks to Ben Murphy for responsibly reporting
security issues that are fixed in this release. Thank you very much!