Rails 2.3.4 is out, security vulnerabilities fixed

September 5, 2009

Rails 2.3.4 is out, just a few weeks after the 2.3.3. There are no new features, the reason for this quick release are the 2 vulnerabilities found in the Rails code (one is a possible XSS epxloit and the other is a cookie hack. The release notes state that over 100 small bugs were fixed as well.

However, given the amount of problems some users have (see some comments here) – mostly as it seems with Ruby 1.9, you might want to just patch the vulnerabilities for now, or at least test before you upgrade on production ;) .

Entry Filed under: Uncategorized. Tags: .

Leave a Comment

Required

Required, hidden

Some HTML allowed:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <pre> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Trackback this post  |  Subscribe to the comments via RSS Feed

Recent posts

Starting to learn Rails?

Here are 3 books that you need to read:
1 - The Ruby Programming Language
2 - Agile Web Development with Rails, Third Edition
3 - Programming Ruby 1.9: The Pragmatic Programmers' Guide (Facets of Ruby)
This is really (almost) all you need

Archive

Recent comments

gogetakame on Installing Rails on Windows (3…
gogetakame on Installing Rails on Windows (3…
allaboutruby on Installing Rails on Windows (3…
Harsha on Installing Rails on Windows (3…
Eddy Josafat on Google Maps API in Rails (YM4R…