24 cards
View
Posted almost 2 years ago. Visible to the public.

Rails 4.2 LTS Changelog

Jun 17th, 2020: Announcement regarding CVE-2020-8184

  • No Rails 4.2 LTS release was necessary.
  • We backported the patch to our forked version of rack 1.6.

May 19th, 2020: Version 4.2.11.16

May 16th, 2020: Version 4.2.11.15

May 15th, 2020: Announcement regarding CVE-2020-8161 and CVE-2018-16471

Mar 20th, 2020: Version 4.2.11.14

  • Fixed an XSS vulnerability in #escape_javascript (CVE-2020-5267), see details

Dec 22nd, 2019: Announcement regarding CVE-2019-16782

  • No Rails 4.2 LTS release was necessary.
  • Users using the activerecord-session_store gem can upgrade to our fork.
  • For more information read our advisory.

Apr 11th, 2019: Version 4.2.11.13

  • Added some compatibility fixes to facilitate running Rails 4.2 LTS on Ruby 2.6.

Note: We do not officially support Ruby 2.6, so run it at your own risk. Rails unit tests pass with Ruby 2.6 as of this release.

Mar 22nd, 2019: Amendment to CVE-2019-5418

  • The previously reported CVE 2019-5418 has been upgraded to possible remote code execution. Rails LTS 4.2.11.12 protects your application against this exploit.

Mar 14th, 2019: Version 4.2.11.12

  • Merged upstream fixes for ActionView format / MIME type parsing (CVE-2019-5418 and CVE-2019-5419) (see details)
  • Confirmed that 4.2 LTS is not affected by CVE-2019-5420.

Oct 28th, 2018: Version 4.2.11.11

  • Improve compatibility with Rails 2.3 and 3.2 LTS by defining ActionDispatch::Http::ParamsHashWithIndifferentAccess. This fixes potentially issues for users upgrading from LTS versions < 4, and should not affect anyone else. See here for a description of the issue.

Oct 28th, 2018: Version 4.2.11.10

Oct 25th, 2018: Version 4.2.10.10

  • This release is identical to 4.2.10.1.
  • There is a chance the Rails core team might release an official 4.2.10.1 for security fixes after the end of the maintenance period. To avoid conflicts, we skip some versions ahead.

Sep 28th, 2018: Version 4.2.10.1

  • Initial release of the LTS version of Rails 4.2.
  • This is identical to the official 4.2.10 release, except for the additional Rails LTS hardening options.
  • Supports Ruby 2.1, 2.3, and 2.5.

Owner of this card:

Avatar
Tobias Kraze
Last edit:
21 days ago
by Emanuel De
This website uses cookies to improve usability and analyze traffic.
Accept or learn more