This release contains fixes for possible XSS problems in your rails application. It is unlikely that your application is vulnerable, but you should take precautions by updating your application.
For more information about the XSS issue that was fixed in this release, please read this blog post.
Hi everyone! I’ve released Rails version 3.0.8!
I know I told you I would release Rails 3.0.8 on June 2nd. I may put many hearts in my emails, but I’m quite serious about sticking to announced deadlines. The reason this release was delayed is due to the above security issue. I needed to coordinate three different versions to be released simultaniously, and that delayed this release.
Sorry about that! Barring “perfect storm” issues like this, I will keep you up to date on release dates as I know them. :-)
The big changes in this release are:
- Fixing Rake 0.9.x integration
- Fixing rubygems deprecation warnings
- Refactoring YAML support to work well with Psych and Syck
- Joins on polymorphic
has_oneassociations are fixed
For an exaustive log of changes, please see the commit list on github, or the CHANGELOG for each project.