In a former
blog-posthttp://weblog.rubyonrails.org/2013/2/24/maintenance-policy-for-ruby-on-rails/,
the rails maintainer stated, that after the release of 4.0 only 3.2 will
get maintenance.
I wonder:
When you check
out
Versions of Rubyonrails Ruby On Rails : Versions and number of related security vulnerabilities,
then you will notice that there is no entry for 3.1.12.
Can this version be considered “secure”? Or are the vulnerabilities no
longer tested against this specific version?
Maybe someone can give a little insight, how the vulnerabilities are
tested
against all (?) releases for rails.
For example new XSS vulnerabilities are being checked against 0.X - 4.X
releases - as it seems, based on the CVE reports.
Thanks for your insights & help,
Kind regards,
René