Hi everyone,

Rails 2.3.14 has been released. This release contains critical security fixes.

## CHANGES

You can find an exhaustive list of changes on [github](https://github.com/rails/rails/compare/v2.1.12...v2.1.14). Here are some notable excerpts:

### 4 Security Fixes

* [Response Splitting](http://groups.google.com/group/rubyonrails-security/browse_thread/thread/6ffc93bde0298768)
* [SQL Injection issues](http://groups.google.com/group/rubyonrails-security/browse_thread/thread/6a1e473744bc389b)
* [Parse error in `strip_tags`](http://groups.google.com/group/rubyonrails-security/browse_thread/thread/2b9130749b74ea12)
* [UTF-8 escaping vulnerability](http://groups.google.com/group/rubyonrails-security/browse_thread/thread/56bffb5923ab1195)

Please follow the links to see specific information about each vulnerability, along with individual patches for fixing them. Also remember to subscribe to the [Ruby on Rails Security mailing list](http://groups.google.com/group/rubyonrails-security).

### 2 Bug Fixes

* Rescue from RDoc task errors
* OrderedHash can merge with blocks

## THE END

Thanks! <3

--
Aaron Patterson
http://tenderlovemaking.com/
The changelog link is here: https://github.com/rails/rails/compare/v2.3.12...v2.3.14 (https://github.com/rails/rails/compare/v2.1.12...v2.1.14). Just got the minor number wrong, which is a minor problem.

Thanks again for your fabulous work Aaron!

On Wednesday, 17 August 2011 at 9:32 AM, Aaron Patterson wrote:

> (https://github.com/rails/rails/compare/v2.1.12...v2.1.14).
On Wed, Aug 17, 2011 at 09:47:23AM +1000, Ryan Bigg wrote:

> The changelog link is here: https://github.com/rails/rails/compare/v2.3.12...v2.3.14 (https://github.com/rails/rails/compare/v2.1.12...v2.1.14). Just got the minor number wrong, which is a minor problem.

Doh! Thanks for letting me know. I'll update the blog post.

> Thanks again for your fabulous work Aaron!

No problem. Thanks for the hard work you do as well. :-)

--
Aaron Patterson
http://tenderlovemaking.com/