Good news everyone! Rails version 3.1.6 has been released.
This release of Rails contains two important security fixes:
- CVE-2012-2694 Ruby on Rails Unsafe Query Generation Risk in Ruby on Rails
- CVE-2012-2695 Ruby on Rails SQL Injection
Please note that the last round of security fixes DO NOT cover the situations that these patches fix. Therefore, it is suggested that all users upgrade immediately. For more information about these issues, please see the announcements on the rubyonrails-security mailing list.
Other changes for this release can be found in each component’s CHANGELOG:
All changes can be found here.