Thursday, June 4, 2015
On Wednesday, June 3, 2015 at 11:11:41 PM UTC+1, Elizabeth McGurty wrote:
I have build an application. My shared web server is with DreamHost. The permitted Rails version is 3.0.3, and permitted Ruby version is 1.8.7.
With this information, when I recently announced here that I had made some progress in better utilizing table associations, a member here, Colin Law, responded:
"Rails 3.0 is long obsolete and, I believe, no longer receives even security updates, it should not be used for production applications."
What are the facts here? Are none of you using Rails 3.x?
You've had some answers about rails, but ruby 1.8.7 is also no longer receiving security updates from the ruby core team (some linux distributions are back porting security fixes).
Even if you are stuck on rails 3.0.x, you really don't want to use 3.0.3 - the last in that series was 3.0.20 - you're missing out on nearly 2.5 years of bug fixes & security fixes,such as
https://groups.google.com/forum/#!topic/rubyonrails-security/61bkgvnSGTQ
https://groups.google.com/forum/#!topic/rubyonrails-security/DCNTNp_qjFM
https://groups.google.com/forum/#!topic/rubyonrails-security/l4L0TEVAz1k
You are almost certainly vulnerable to remote code execution, sql injection etc.
Fred
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscribe@googlegroups.com.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/e8c8fa11-0b40-48b5-917b-a86490a94a1f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment