27 cards
Posted over 6 years ago. Visible to the public.

Installing Rails 2.3 LTS with Bundler

This document describes how to swap out the official Rails 2.3 gems with Rails 2.3 LTS Archive . If you have installed Rails LTS before and want to update to a newer version, please see our update instructions Archive .


  1. Make sure your project satisfies the system requirement for Rails LTS. This involves upgrading to Rails 2.3.18.

  2. The instructions below assume you are using Bundler Archive to manage your gem dependencies.
    If your project isn't using Bundler, you can either upgrade to Bundler Archive (recommended) or
    install Rails 2.3 LTS without Bundler.

  3. Make sure that you have a current version of Rubygems and Bundler, otherwise you might run into random errors with dependency resolution.

If you use Ruby 1.8.7, we recommend using

  • rubygems version 1.8.30
  • bundler version 1.17.3

On newer Rubies, you can use more modern versions of Rubygems and Bundler.

To update, run

gem update --system 1.8.30 gem install bundler -v '1.17.3'

If you get an error "No gem names are allowed with the --system option" trying to update Rubygems, you can instead do this:

gem uninstall rubygems-update # (uninstall all versions) gem install rubygems-update -v 1.8.30 update_rubygems gem install bundler -v '1.17.3'


  1. Open the Bundler configuration file (Gemfile) in your project's root directory and find this line:

    gem 'rails'

    As a customer of a paid plan (Startup, Standard, Enterprise), replace that line with the following code:

    source 'https://username:password@gems.railslts.com' do gem 'rails', '~>2.3.18' gem 'actionmailer', :require => false gem 'actionpack', :require => false gem 'activerecord', :require => false gem 'activeresource', :require => false gem 'activesupport', :require => false gem 'railties', :require => false gem 'railslts-version', :require => false end

    Replace username and password with your personal credentials that you received after subscribing to Rails LTS.
    Make sure a colon (:) separates username and password. If you don't want these credentials in your Gemfile, you can also set them in an environment variable BUNDLE_GEMS__RAILSLTS__COM=username:password.

    As a subscriber to the free Community edition, use the following code instead:

    git 'https://github.com/makandra/rails.git', :branch => '2-3-lts' do gem 'rails', '~>2.3.18' gem 'actionmailer', :require => false gem 'actionpack', :require => false gem 'activerecord', :require => false gem 'activeresource', :require => false gem 'activesupport', :require => false gem 'railties', :require => false gem 'railslts-version', :require => false end

    You will not need a username or password for the Community edition.

    Note that our repositories are available via SSL (https) only, http://... will not work.

  2. Open config/environment.rb within your project directory and delete the following line:

    RAILS_GEM_VERSION = '2.3.xx' unless defined? RAILS_GEM_VERSION
  3. Run Bundler to complete the installation:

    bundle update rails

    If the clone process aborts with an error like "The requested URL returned error: 403" or "Cannot get remote repository information" your Git version is probably too old Archive . In such case you should upgrade your Git to version 1.7+ or you can install Rails LTS without Bundler.

  4. Decide whether to enable optional security enhancements shipped with Rails LTS.

    In order to keep maximum compatibility to the official Ruby on Rails releases, Rails LTS disables all additional security features by default. We do however recommend the :hardened configuration, which includes improvements we believe to be reasonable defaults for increased security in most applications.

  5. Confirm that you are running the latest version of Rails 2.3 LTS.

  6. Follow your normal release process (run tests, push, deploy to staging, do smoke testing, deploy to production).

Congratulations! You successfully deployed your application using Rails LTS. If you have chosen to subscribe to the Rails LTS Notification List when signing up, you will be notified whenever a new patch for Rails LTS becomes available.

Note on rack

Rails 2.3 depends on Rack version 1.4.x (which itself is not currently part of Rails LTS). It has some minor security issues on its own. We have a public fork on Github Archive that fixes these issues.

Note on rake

Rails 2.3 depends on Rake. Versions of rake < 12.3.3 have a security issue, and you cannot use rake 12 with Ruby 1.8.7. If you cannot upgrade to rake 12, we have a public fork on Github Archive that fixes the issue.

Breaking changes

By default, Rails LTS does not allow for strings to be used in polymorphic path helpers, e.g. url_for(['edit', @user]) is not allowed. Symbols are fine. You can opt out of this change

Owner of this card:

Henning Koch
Last edit:
2 months ago
by Tobias Kraze
This website uses short-lived cookies to improve usability.
Accept or learn more