In a former blog-post<http://weblog.rubyonrails.org/2013/2/24/maintenance-policy-for-ruby-on-rails/>, the rails maintainer stated, that after the release of 4.0 only 3.2 will get maintenance. I wonder: When you check out http://www.cvedetails.com/version-list/12043/22568/1/Rubyonrails-Ruby-On-Rails.html, then you will notice that there is no entry for 3.1.12. Can this version be considered "secure"? Or are the vulnerabilities no longer tested against this specific version? Maybe someone can give a little insight, how the vulnerabilities are tested against all (?) releases for rails. For example new XSS vulnerabilities are being checked against 0.X - 4.X releases - as it seems, based on the CVE reports. Thanks for your insights & help, Kind regards, René -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/d0dc006e-3dd6-4cb8-904e-7d320566ce26%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.