101 System requirements
Compatibility requirements for Rails LTS include supported Rails, Ruby, Bundler, and database versions before upgrading an existing application.
102 Installing Rails LTS
Rails LTS installation varies by Rails version; separate guides exist for 2.3, 3.2, 4.2, 5.2, 6.1, and 7.2, plus update instructions for existing installs.
103 Installing Rails 2.3 LTS with Bundler
Rails 2.3 apps can switch to Rails 2.3 LTS for maintained patches and optional security hardening, with Bundler-based installation and legacy dependency adjustments.
103 Installing Rails 2.3 LTS without Bundler
Rails 2.3 LTS installation without Bundler for legacy apps, including gem replacement, version pinning, and optional security changes.
103 Installing Rails 3.2 LTS
Replace official Rails 3.2 gems with Rails 3.2 LTS to keep legacy applications maintainable, with subscription credentials, Bundler compatibility, and optional security hardening.
103 Installing Rails 4.2 LTS
Rails 4.2 applications can be moved to Rails 4.2 LTS by swapping gems and configuring private package access for continued patches and optional security hardening.
103 Installing Rails 5.2 LTS
Swap the official Rails 5.2 gems for Rails 5.2 LTS to keep an older app receiving patched releases, using private gem server credentials and Bundler configuration.
103 Installing Rails 6.1 LTS
Swap the official Rails 6.1 gems for Rails 6.1 LTS by updating Bundler credentials and gem source, then verify compatibility and deploy normally.
103 Installing Rails 7.2 LTS
Switching a Rails 7.2 app to Rails LTS replaces official gems with a maintained subscription build, keeping compatibility with the latest Rails 7.2 release.
104 Enabling additional security features in Rails LTS
Rails LTS offers optional hardening settings to reduce XSS, query ambiguity, and parameter-parsing risks in older Rails applications.
104 Updating Rails LTS to a newer version
Updating a Rails LTS app to a newer gem version can require bundle update rails and a cleanup of legacy version pinning in config/environment.rb.
105 How to find out your current Rails LTS version
Find the installed Rails LTS release by checking the gem path, gem list, or RailsLts::VERSION; older installs may lack version reporting.
106 RubyGems 2.x support for Rails 2.3 LTS
Rails 2.3 LTS can run with RubyGems 2+ when Bundler is used, but gem declarations, gem unpacking, and local generator lookup are restricted.
107 Subscribe to the LTS mailing list
Customers can receive notifications about security vulnerabilities and new Rails LTS releases by subscribing to a mailing list during order or manually.
110 Known issue: HTTP 403 error in "bundle install --verbose" output
Bundler 1.12+ may print HTTP 403 Forbidden for the compact gem index, but Rails LTS still installs correctly after falling back to the old index.
201 Changelogs
Choose the changelog for a specific Ruby on Rails version, including the LTS releases from 2.3 through 7.2.
202 Rails 2.3 LTS Changelog
LTS changelog for Rails 2.3 and Rack 1.4 backports security fixes, compatibility updates, and bug repairs for older applications.
204 Rails 3.2 LTS Changelog
Security and compatibility updates for Rails 3.2 LTS and backported Rack fixes address CVEs, ReDoS, DoS, XSS, and Ruby version support.
205 Rails 4.2 LTS Changelog
Rails 4.2 LTS receives continued security backports, Rack updates, and compatibility fixes for newer Ruby versions and Bundler.
206 Rails 5.2 LTS Changelog
Security and compatibility updates for Rails 5.2 LTS, including backported fixes for XSS, ReDoS, DoS, path traversal, and Rack vulnerabilities.
207 Rails 6.1 LTS Changelog
Rails 6.1 LTS security releases and dependency bumps backport vulnerability fixes in Rails and Rack, including XSS, ReDoS, path traversal, and log injection.
208 7.2 Changelog
Initial Rails 7.2 LTS release with a backported CVE-2026-41316 fix and Ruby 3.1+ support, closely matching Rails 7.2.3.1.
209 List of CVEs addressed by Rails LTS
Rails LTS CVE status list for versions 2.3+ tracks which security issues are fixed, unaffected, or partially mitigated across Rails and Rack releases.
210 Fixing 'uninitialized constant / undefined class/module ActionDispatch::Http::ParamsHashWithIndifferentAccess' when migrating away from Rails LTS
Serialized params from Rails LTS can fail to load after upgrading, with missing constant errors for ActionDispatch::Http::ParamsHashWithIndifferentAccess. An initializer alias to ActionController::Parameters restores compatibility.