Good news everyone! Rails version 3.2.8 has been released.

IMPORTANT

This version contains three important security fixes, please upgrade immediately.

• CVE-2012-3463 Ruby on Rails Potential XSS Vulnerability in select_tag prompt
• CVE-2012-3464 Potential XSS Vulnerability in Ruby on Rails
• CVE-2012-3465 XSS Vulnerability in strip_tags

One of security fixes impacts all users and is related to HTML escaping code. The other two fixes impacts people using select_tag’s prompt option and strip_tags helper from ActionPack.

We are also removing all the deprecation warnings that we introduced in 3.2.x. We have decided to stop introducing API deprecations in all point releases going forward. From now on, it’ll only happen in majors/minors.

CHANGES since 3.2.7

Action Mailer

• No changes

Action Pack

• html_escape should escape single quotes. Santiago Pastorino

• Reverted the deprecation of :confirm. Rafael Mendonça França

• Reverted the deprecation of :disable_with. Rafael Mendonça França

• Reverted the deprecation of :mouseover option to image_tag. Rafael Mendonça França

• Reverted the deprecation of button_to_function and link_to_function helpers. Rafael Mendonça França

Active Model

• No changes

Active Record

• Do not set RAILS_ENV to “development” when using db:test:prepare and related rake tasks. This was causing the truncation of the development database data when using RSpec. In RC2 was fixed again when using config.active_record.schema_format = :sql Rafael Mendonça França

• Do not consider the numeric attribute as changed if the old value is zero and the new value is not a string. Fixes #7237. Rafael Mendonça França

• Removes the deprecation of update_attribute. fxn

• Reverted the deprecation of composed_of. Rafael Mendonça França

• Reverted the deprecation of *_sql association options. They will be deprecated in 4.0 instead. Jon Leighton

• Do not eager load AR session store. ActiveRecord::SessionStore depends on the abstract store in Action Pack. Eager loading this class would break client code that eager loads Active Record standalone. Fixes #7160

  Xavier Noria

• Do not set RAILS_ENV to “development” when using db:test:prepare and related rake tasks. This was causing the truncation of the development database data when using RSpec. Fixes #7175.

  Rafael Mendonça França

Active Resource

• No changes

Active Support

• Fix ActiveSupport integration with Mocha > 0.12.1. Mike Gunderloy

• Reverted the deprecation of ActiveSupport::JSON::Variable. Rafael Mendonça França

Railties

• ERB scaffold generator use the :data => { :confirm => "Text" } syntax instead of :confirm. Rafael Mendonça França

SHA-1

• 20525face84f3cdc8b0fc039e0f75ec4963e3677 actionmailer-3.2.8.gem
• ccc63cc2fcb3131b92d45cf5834aa629857d7258 actionpack-3.2.8.gem
• df7fb9febe248201fd1ad741a2044324f4c90cc9 activemodel-3.2.8.gem
• 96e876f625b98915d2b1994c06ea057bf7dd23b8 activerecord-3.2.8.gem
• 195e1e4653e6e06f469ea20e181727ef9d940ee7 activeresource-3.2.8.gem
• e5136f556b62343425cc147a8990bd043430354d activesupport-3.2.8.gem
• 35581ffc256d73d217537170b0e116cf4545752e rails-3.2.8.gem
• e44accc5d057866087856a521398250fe082b70b railties-3.2.8.gem

You can find an exhaustive list of changes on github.

Thanks to everyone!

Good news everyone! Rails version 3.1.8 has been released.

This release of Rails contains three important security fixes:

• CVE-2012-3463 Ruby on Rails Potential XSS Vulnerability in select_tag prompt
• CVE-2012-3464 Potential XSS Vulnerability in Ruby on Rails
• CVE-2012-3465 XSS Vulnerability in strip_tags

All changes can be found on github.

Thanks everyone!

Good news everyone! Rails version 3.0.17 has been released.

This release of Rails contains three important security fixes:

• CVE-2012-3463 Ruby on Rails Potential XSS Vulnerability in select_tag prompt
• CVE-2012-3464 Potential XSS Vulnerability in Ruby on Rails
• CVE-2012-3465 XSS Vulnerability in strip_tags

All changes can be found on github.

Thanks everyone!

Hi everyone,

Rails 3.2.8.rc2 has been released. If no regressions are found we will release 3.2.8 final around Wednesday 8th.

IMPORTANT

We are removing all the deprecation warnings that we introduced in 3.2.x. We have decided to stop introducing API deprecations in all point releases going forward. From now on, it’ll only happen in majors/minors.

CHANGES since 3.2.8.rc1

Action Mailer

• No changes

Action Pack

• html_escape should escape single quotes. Santiago Pastorino

Active Model

• No changes

Active Record

• Do not set RAILS_ENV to “development” when using db:test:prepare and related rake tasks. This was causing the truncation of the development database data when using RSpec. In RC2 was fixed again when using config.active_record.schema_format = :sql Rafael Mendonça França

• Do not consider the numeric attribute as changed if the old value is zero and the new value is not a string. Fixes #7237. Rafael Mendonça França

Active Resource

• No changes

Active Support

• Fix ActiveSupport integration with Mocha > 0.12.1. Mike Gunderloy

Railties

• ERB scaffold generator use the :data => { :confirm => "Text" } syntax instead of :confirm. Rafael Mendonça França

SHA-1

• 351b13c792517534b68df02f550cfc335c8d3f5f actionmailer-3.2.8.rc2.gem
• 0b0f92bb3f2fad426f3b9c0849e5f5457c029586 actionpack-3.2.8.rc2.gem
• c19868c2f4fc20ebf20c1a27c89a65b80592b6e6 activemodel-3.2.8.rc2.gem
• 9d247e14feb6d453aded4ba9edc8bae1cf940891 activerecord-3.2.8.rc2.gem
• 7db76b428fdec2aeea190773d5daea139c7732ba activeresource-3.2.8.rc2.gem
• b93d62722c854fde8acda511f53481c4f3ceeaf2 activesupport-3.2.8.rc2.gem
• 7fd2e2035469e89e17b3872d51968a5856d6ed8c rails-3.2.8.rc2.gem
• bf685a73a55fd5ffa77c7c0160b2bec898fa15eb railties-3.2.8.rc2.gem

You can find a list of changes between v3.2.8.rc1 and v3.2.8.rc2 here and an exhaustive list of changes since v3.2.7 here.

Thanks to everyone!

Hi everyone,

Rails 3.2.8.rc1 has been released. If no regressions are found we will release 3.2.8 final on Friday.

IMPORTANT

We are removing all the deprecation warnings that we introduced in 3.2.x. We have decided to stop introducing API deprecations in all point releases going forward. From now on, it’ll only happen in majors/minors.

CHANGES since 3.2.7

Action Mailer

• No changes

Action Pack

• Reverted the deprecation of :confirm. Rafael Mendonça França

• Reverted the deprecation of :disable_with. Rafael Mendonça França

• Reverted the deprecation of :mouseover option to image_tag. Rafael Mendonça França

• Reverted the deprecation of button_to_function and link_to_function helpers. Rafael Mendonça França

Active Model

• No changes

Active Record

• Removes the deprecation of update_attribute. fxn

• Reverted the deprecation of composed_of. Rafael Mendonça França

• Reverted the deprecation of *_sql association options. They will be deprecated in 4.0 instead. Jon Leighton

• Do not eager load AR session store. ActiveRecord::SessionStore depends on the abstract store in Action Pack. Eager loading this class would break client code that eager loads Active Record standalone. Fixes #7160

  Xavier Noria

• Do not set RAILS_ENV to “development” when using db:test:prepare and related rake tasks. This was causing the truncation of the development database data when using RSpec. Fixes #7175.

  Rafael Mendonça França

Active Resource

• No changes

Active Support

• Reverted the deprecation of ActiveSupport::JSON::Variable. Rafael Mendonça França

Railties

• No changes

SHA-1

• 2e12c71925f8f7f5f05e3225f80e9359db8b0401 actionmailer-3.2.8.rc1.gem
• d6947496fb560393d7eeb18fbb77e7ee2dff2a37 actionpack-3.2.8.rc1.gem
• 4be43d52aa3af70f154101b605ac80c45f0b68ff activemodel-3.2.8.rc1.gem
• 84bc989af7f1bd2e9320fa39d80ca783e3499e94 activerecord-3.2.8.rc1.gem
• 0ba8e537711adabd81fec69f4762a32c5ceb381c activeresource-3.2.8.rc1.gem
• 74c2445d8d2541e04e10a969d2ce14419ee3bb9d activesupport-3.2.8.rc1.gem
• 470bc8d4402b44e9f5f82f0610d31e6e6945b897 rails-3.2.8.rc1.gem
• b615346580471aa6dcf338826824f78d0aec8512 railties-3.2.8.rc1.gem

You can find an exhaustive list of changes on github.

Thanks to everyone!

Good news everyone! Rails version 3.2.7 has been released.

This version contains an important security fix, please upgrade immediately. The security fix impacts people using digest authentication from Action Pack. You can read more about the problem here.

Thank you to Charlie Somerville for reporting the problem and sending a patch.

The rest of the changes can be found in the CHANGELOG file for each gem:

• Action Mailer
• Action Pack
• Active Model
• Active Record
• Active Resource
• Active Support
• Railties

A comprehensive list of changes can be found on github.

Thanks to all the contributors, especially everyone who tested the release candidate. I appreciate it!

<3<3

Good news everyone! Rails version 3.1.7 has been released.

This version contains an important security fix, please upgrade immediately. The security fix impacts people using digest authentication from Action Pack. You can read more about the problem here.

Thank you to Charlie Somerville for reporting the problem and sending a patch.

This release only contains the security fix, but you can still take a look at the changelog for each gem (if you like):

• Action Mailer
• Action Pack
• Active Model
• Active Record
• Active Resource
• Active Support
• Railties

A comprehensive list of changes can be found on github.

Thanks to all the contributors, especially everyone who tested the release candidate. I appreciate it!

<3<3

Good news everyone! Rails version 3.0.16 has been released.

This version contains an important security fix, please upgrade immediately. The security fix impacts people using digest authentication from Action Pack. You can read more about the problem here.

Thank you to Charlie Somerville for reporting the problem and sending a patch.

This release only contains the security fix, but you can still take a look at the changelog for each gem (if you like):

• Action Mailer
• Action Pack
• Active Model
• Active Record
• Active Resource
• Active Support
• Railties

A comprehensive list of changes can be found on github.

Thanks to all the contributors, especially everyone who tested the release candidate. I appreciate it!

<3<3

Good news everyone! Rails version 3.2.6 has been released.

This release of Rails contains two important security fixes:

• CVE-2012-2694 Ruby on Rails Unsafe Query Generation Risk in Ruby on Rails
• CVE-2012-2695 Ruby on Rails SQL Injection

Please note that the last round of security fixes DO NOT cover the situations that these patches fix. Therefore it is suggested that all users upgrade immediately. For more information about these issues, please see the annoumcenents on the rubyonrails-security mailing list.

Other changes for this release can be found in each component’s CHANGELOG:

• Action Mailer
• Action Pack
• Active Model
• Active Record
• Active Support
• Railties

All changes can be found here.

<3<3<3

Good news everyone! Rails version 3.1.6 has been released.

This release of Rails contains two important security fixes:

• CVE-2012-2694 Ruby on Rails Unsafe Query Generation Risk in Ruby on Rails
• CVE-2012-2695 Ruby on Rails SQL Injection

Please note that the last round of security fixes DO NOT cover the situations that these patches fix. Therefore it is suggested that all users upgrade immediately. For more information about these issues, please see the annoumcenents on the rubyonrails-security mailing list.

Other changes for this release can be found in each component’s CHANGELOG:

• Action Mailer
• Action Pack
• Active Model
• Active Record
• Active Support
• Railties

All changes can be found here.

<3<3<3