Rails LTS 3.2 Changelog
Jan 16th, 2017: Version 18.104.22.168
Merged Ruby 2.3 compatibility fixes from the rails/3-2-stable branch.
Ruby 2.3 is now officially supported.
Aug 12th, 2016: Version 22.214.171.124
Merged a fix from the rails/3-2-stable branch:
Mar 1st, 2016: Version 126.96.36.199
- Change to the rails gemspec, to prevent Bundler from installing outdated rails versions under rare circumstances
- Functionally identical to 188.8.131.52.
Mar 1st, 2016: Version 184.108.40.206
- Fixes CVE-2016-2097: Possible Information Leak Vulnerability in Action View
- Fixes CVE-2016-2098: Possible remote code execution vulnerability in Action Pack
Jan 26th, 2016: Version 220.127.116.11
Merged several security fixes from the rails/3-2-stable branch, that include
- a fix for CVE-2015-7576: Timing attack vulnerability in basic authentication in Action Controller
- a fix for CVE-2016-0751: Possible Object Leak and Denial of Service attack in Action Pack
- a fix for CVE-2015-7577: Nested attributes rejection proc bypass in Active Record
- a fix for CVE-2015-7581: Object leak vulnerability for wildcard controller routes in Action Pack
Additionally backported the following:
- a fix for CVE-2016-0752: Possible Information Leak Vulnerability in Action View
- a fix for CVE-2016-0753: Possible Input Validation Circumvention in Active Model
November 2nd, 2015: Version 18.104.22.168
- Add support for private gem servers.
June 17th, 2015: Version 22.214.171.124
- Add additional security features, such as the hardened default configuration.
June 17th, 2015: Version 126.96.36.199
- Ruby 2.2 compatibility
- Fix test suite
December 10th, 2014: Version 188.8.131.52
- Initial release.