Good news everyone! Rails version 3.1.5 has been released.
This release of Rails contains two important security fixes:
* CVE-2012-2660 Ruby on Rails Active Record Unsafe Query Generation Risk
* CVE-2012-2661 Ruby on Rails Active Record SQL Injection Vulnerability
It is suggested that all users upgrade immediately. For more information about
these issues, please see the announcements on the rubyonrails-security
mailing list:
https://groups.google.com/group/rubyonrails-security
Specifically these announcements:
https://groups.google.com/group/rubyonrails-security/browse_thread/thread/f1203e3376acec0f
https://groups.google.com/group/rubyonrails-security/browse_thread/thread/7546a238e1962f59
Other changes for this release can be found in each component's CHANGELOG:
https://github.com/rails/rails/blob/3-1-stable/actionmailer/CHANGELOG.md
https://github.com/rails/rails/blob/3-1-stable/actionpack/CHANGELOG.md
https://github.com/rails/rails/blob/3-1-stable/activemodel/CHANGELOG.md
https://github.com/rails/rails/blob/3-1-stable/activerecord/CHANGELOG.md
https://github.com/rails/rails/blob/3-1-stable/activesupport/CHANGELOG.md
https://github.com/rails/rails/blob/3-1-stable/railties/CHANGELOG.md
All changes can be found here:
https://github.com/rails/rails/compare/v3.1.4...v3.1.5
I want to give a special thanks to Ben Murphy for responsibly reporting the two
security issues that are fixed in this release. Thank you very much!
<3<3<3
--
Aaron Patterson
http://tenderlovemaking.com/