Posted about 7 years ago. Visible to the public.

Installing Rails 2.3 LTS with Bundler

This document describes how to swap out the official Rails 2.3 gems with Rails 2.3 LTS Archive . If you have installed Rails LTS before and want to update to a newer version, please see our update instructions Archive .


  1. Make sure your project satisfies the system requirement for Rails LTS. This involves upgrading to Rails 2.3.18.

  2. The instructions below assume you are using Bundler Archive to manage your gem dependencies.
    If your project isn't using Bundler, you can either upgrade to Bundler Archive (recommended) or
    install Rails 2.3 LTS without Bundler.

  3. Make sure that you have a current version of Rubygems and Bundler, otherwise you might run into random errors with dependency resolution.

If you use Ruby 1.8.7, we recommend using

  • rubygems version 1.8.30
  • bundler version 1.17.3

On newer Rubies, you can use more modern versions of Rubygems and Bundler.

To update, run

  gem update --system 1.8.30
  gem install bundler -v '1.17.3'   

If you get an error "No gem names are allowed with the --system option" trying to update Rubygems, you can instead do this:

  gem uninstall rubygems-update
  # (uninstall all versions)
  gem install rubygems-update -v 1.8.30
  gem install bundler -v '1.17.3'


  1. Open the Bundler configuration file (Gemfile) in your project's root directory and find this line:

    gem 'rails'

    As a customer of a paid plan (Startup, Standard, Enterprise), replace that line with the following code:

    source '' do
      gem 'rails', '~>2.3.18'
      gem 'actionmailer',     :require => false
      gem 'actionpack',       :require => false
      gem 'activerecord',     :require => false
      gem 'activeresource',   :require => false
      gem 'activesupport',    :require => false
      gem 'railties',         :require => false
      gem 'railslts-version', :require => false

    Replace username and password with your personal credentials that you received after subscribing to Rails LTS.
    Make sure a colon (:) separates username and password. If you don't want these credentials in your Gemfile, you can also set them in an environment variable BUNDLE_GEMS__RAILSLTS__COM=username:password.

    As a subscriber to the free Community edition, use the following code instead:

    git '', :branch => '2-3-lts' do
      gem 'rails', '~>2.3.18'
      gem 'actionmailer',     :require => false
      gem 'actionpack',       :require => false
      gem 'activerecord',     :require => false
      gem 'activeresource',   :require => false
      gem 'activesupport',    :require => false
      gem 'railties',         :require => false
      gem 'railslts-version', :require => false

    You will not need a username or password for the Community edition.

    Note that our repositories are available via SSL (https) only, http://... will not work.

  2. Open config/environment.rb within your project directory and delete the following line:

    RAILS_GEM_VERSION = '2.3.xx' unless defined? RAILS_GEM_VERSION
  3. Run Bundler to complete the installation:

    bundle update rails

    If the clone process aborts with an error like "The requested URL returned error: 403" or "Cannot get remote repository information" your Git version is probably too old Archive . In such case you should upgrade your Git to version 1.7+ or you can install Rails LTS without Bundler.

  4. Decide whether to enable optional security enhancements shipped with Rails LTS.

    In order to keep maximum compatibility to the official Ruby on Rails releases, Rails LTS disables all additional security features by default. We do however recommend the :hardened configuration, which includes improvements we believe to be reasonable defaults for increased security in most applications.

  5. Confirm that you are running the latest version of Rails 2.3 LTS.

  6. Follow your normal release process (run tests, push, deploy to staging, do smoke testing, deploy to production).

Congratulations! You successfully deployed your application using Rails LTS. If you have chosen to subscribe to the Rails LTS Notification List when signing up, you will be notified whenever a new patch for Rails LTS becomes available.

Note on rack

Rails 2.3 depends on Rack version 1.4.x (which itself is not currently part of Rails LTS). It has some minor security issues on its own. We have a public fork on Github Archive that fixes these issues.

Note on rake

Rails 2.3 depends on Rake. Versions of rake < 12.3.3 have a security issue, and you cannot use rake 12 with Ruby 1.8.7. If you cannot upgrade to rake 12, we have a public fork on Github Archive that fixes the issue.

Note on mysql

If you have trouble using the mysql gem, you should try upgrading to mysql2 which is mostly a drop-in replacement. We suggest you use our fork on mysql2 which fixes some compilation issues on newer linux distros, by adding this to your Gemfile:

gem 'mysql2', git: '', branch: '0.2.x-lts'

Also, in your database.yml, change the adapter to mysql2.

Breaking changes

  • By default, Rails LTS does not allow for strings to be used in polymorphic path helpers, e.g. url_for(['edit', @user]) is not allowed. Symbols are fine. You can opt out of this change
  • Mimicking Rails 5, Rails 2.3 LTS will try to use YAML.safe_load to deserialize certain database column. See details
Henning Koch
Last edit
9 days ago
Tobias Kraze
About this deck
We are makandra and do test-driven, agile Ruby on Rails software development.