Rails 3.2 LTS Changelog
Jan 23rd, 2019: Version 22.214.171.124
- Add compatibility for Ruby 2.5.
Aug 27th, 2018: Version 126.96.36.199
Jun 21st, 2018: Version 188.8.131.52
Require sprockets version 2.2.3, since 2.2.1 and 2.2.2 are vulnerable to an information leak attack.
Mar 20th, 2018: Not affected by sanitization CVEs
A vulnerability was disclosed for some Ruby sanitization gems like loofah (CVE-2018-8048) and sanitize (CVE-2018-3740). This also affects recent Rails versions, whose sanitize() helper depends on loofah.
We have confirmed that the sanitize() helper in Rails 3.2 is not affected by this issue.
Note that if your application uses one of the affected gems directly, you may still be affected and should update to the latest version of these gems.
Jan 16th, 2017: Version 184.108.40.206
Merged Ruby 2.3 compatibility fixes from the rails/3-2-stable branch.
Ruby 2.3 is now officially supported.
Aug 12th, 2016: Version 220.127.116.11
Merged a fix from the rails/3-2-stable branch:
Mar 1st, 2016: Version 18.104.22.168
- Change to the rails gemspec, to prevent Bundler from installing outdated rails versions under rare circumstances
- Functionally identical to 22.214.171.124.
Mar 1st, 2016: Version 126.96.36.199
- Fixes CVE-2016-2097: Possible Information Leak Vulnerability in Action View
- Fixes CVE-2016-2098: Possible remote code execution vulnerability in Action Pack
Jan 26th, 2016: Version 188.8.131.52
Merged several security fixes from the rails/3-2-stable branch, including:
- a fix for CVE-2015-7576: Timing attack vulnerability in basic authentication in Action Controller
- a fix for CVE-2016-0751: Possible Object Leak and Denial of Service attack in Action Pack
- a fix for CVE-2015-7577: Nested attributes rejection proc bypass in Active Record
- a fix for CVE-2015-7581: Object leak vulnerability for wildcard controller routes in Action Pack
Additionally backported the following:
- a fix for CVE-2016-0752: Possible Information Leak Vulnerability in Action View
- a fix for CVE-2016-0753: Possible Input Validation Circumvention in Active Model
November 2nd, 2015: Version 184.108.40.206
- Add support for private gem servers.
June 17th, 2015: Version 220.127.116.11
- Add additional security features, such as the hardened default configuration.
June 17th, 2015: Version 18.104.22.168
- Ruby 2.2 compatibility
- Fix test suite
December 10th, 2014: Version 22.214.171.124
- Initial release.