Forum: Ruby on Rails [SEC][ANN] Rails 3.2.11, 3.1.10, 3.0.19, and 2.3.15 have been released!

Announcement (2017-05-07): is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see and for other Rails- und Ruby-related community platforms.
38b74ccb8896076ccd0adbab2eba0809?d=identicon&s=25 Aaron Patterson (tenderlove)
on 2013-01-08 21:21
(Received via mailing list)
Hi everybody.

I'd like to announce that 3.2.11, 3.1.10, 3.0.19, and 2.3.15 have been
released.  These releases contain two **extremely critical security
fixes** so please update **IMMEDIATELY**.

You can read about the security fixes by following these links:


In order to ease upgrading, the only major changes in each gem are the
security fixes.  To see the detailed changes for each version, follow
the links below:

* [Changes in
* [Changes in
* [Changes in
* [Changes in

Thanks to the people who responsibly reported these security issues.

Here are the SHA-1 checksums for each gem:

### 3.2.11

[aaron@higgins dist]$ shasum *3.2.11*
933cd2821b30cdff4a2e0b5cc63f4d2c6b29affe  actionmailer-3.2.11.gem
54731c51b55bf0215392971b982139775c0bfa2b  actionpack-3.2.11.gem
5ccde66568d8051405c01063f1afaed13bd01082  activemodel-3.2.11.gem
f360c17968486479b0a4207e7eccbe379186a9d2  activerecord-3.2.11.gem
c61ff513be8a8aef898d2e5c4c9508d60727c556  activeresource-3.2.11.gem
41a4e8c382594283026d977554c1e18233198ca8  activesupport-3.2.11.gem
8fa6d19a0daea910e39a0911b2240c2a7b630fb1  rails-3.2.11.gem
ffaec7c3e5211283108cf5afab8e79be76090a0d  railties-3.2.11.gem

### 3.1.10

[aaron@higgins dist]$ shasum *3.1.10*
e3dce983ebd0ee8970c5ddab46b05ac432c8b029  actionmailer-3.1.10.gem
84e536e732255e5dfd3d8053c10ed98dcb45ac80  actionpack-3.1.10.gem
db1a3ac836d988dc1fc7c64d29ded7a277047419  activemodel-3.1.10.gem
ea3ad8514265516033009d97efc1fe7b3d2b09ed  activerecord-3.1.10.gem
0843646278b42d9ca796e157295851fd9938fe96  activeresource-3.1.10.gem
b55ef7f66de0bb79fcfa480e8df3696bffbff7f8  activesupport-3.1.10.gem
4ed7d159191faa1a469cd9efdf9e6a4cdc907195  rails-3.1.10.gem
f288986df0fabd2035569199ea3d5f1f46a56db7  railties-3.1.10.gem

### 3.0.19

[aaron@higgins dist]$ shasum *3.0.19*
f8376f907b2230ac75882e1a3cfa8d5cdd6df800  actionmailer-3.0.19.gem
68b319d86530a5d4291e13d6ab5f357a1e52c05b  actionpack-3.0.19.gem
f0fb577ea7446ff229752bc799ca86dd53aa9cda  activemodel-3.0.19.gem
c12324d78b22697d426148010901f79b366c0502  activerecord-3.0.19.gem
8dbc7c8c80f5baeec823966aa225b23f4c2a799c  activeresource-3.0.19.gem
b525b778f82f844a56ff993211825b9811bf82bd  activesupport-3.0.19.gem
c2beb0711d28a07cb2747c83962c7d453951e2d6  rails-3.0.19.gem
de286ada16b3fc76129767dc612926e0b4f71dda  railties-3.0.19.gem

### 2.3.15

[aaron@higgins dist]$ shasum *2.3.15*
5ce45c70851dd534a72814620a6e57b42d360b88  actionmailer-2.3.15.gem
fa174c40f17fa5db952ba3a7c95a4ab0b5467594  actionpack-2.3.15.gem
e7391c92c82f974be7e65765819824e87bdb3cfd  activerecord-2.3.15.gem
4644b7a27993f7860d9e176f51dfa52d8f029ec9  activeresource-2.3.15.gem
64843e3676c20a49060605546dfcdddaef2ea1a8  activesupport-2.3.15.gem
c8c0c49c63ca0f9acc3e0967b38d92b1c0b115af  rails-2.3.15.gem

E5d9c4e61d97776201c8b7b20bec9de5?d=identicon&s=25 "Henrik Ormåsen" <> (Guest)
on 2013-01-10 14:40
(Received via mailing list)
How about 2.2?

I'm using yaml, but not xml. How can I fix it?
6931a9ce86c1576520430add4e253325?d=identicon&s=25 Xiao Zhao (Guest)
on 2013-01-10 21:13
(Received via mailing list)
I've upgraded to 3.0.19 yesterday, should I upgrade again today or

gem "rails", "~> 3.0.19"

that's what's in my Gemfile
A47e0a6beeb9d048ff054fc1c3a97418?d=identicon&s=25 Walter Davis (walterdavis)
on 2013-01-10 21:16
(Received via mailing list)
AFAIK 3.0.19 is the latest version, the alert refers to updating to this
version. Keep an eye on the release channel (this list gets notified
very immediately) for any further updates coming soon. There may be
another version replacing 3.2.11, possibly the same fix will be rolled
into 3.0.x as well.

This topic is locked and can not be replied to.