Posted by David October 23, 2008 @ 06:21 PM
Rails 2.1.2 includes the same two security fixes that we pushed
out for 2.0.x recently. We’re talking about a backport of the
offset/limit sanitization fix for Active Record and a fix against
header-injection when using user-contributed strings in
redirect_to (see Response Splitting for more information).
In addition, Rails 2.1.2 fixes the warning that users of RubyGems
1.3.0 were having with script/generate as well as a range of other
minor fixes. Enjoy!
As always, you can install with:
gem install rails --version 2.1.2