Posted about 1 year ago. Visible to the public.
Rails 4.2 LTS Changelog
Apr 11th, 2019: Version 184.108.40.206
- Added some compatibility fixes to facilitate running Rails 4.2 LTS on Ruby 2.6.
Note: We do not officially support Ruby 2.6, so run it at your own risk. Rails unit tests pass with Ruby 2.6 as of this release.
Mar 22nd, 2019: Amendment to CVE-2019-5418
- The previously reported CVE 2019-5418 has been upgraded to possible remote code execution. Rails LTS 220.127.116.11 protects your application against this exploit.
Mar 14th, 2019: Version 18.104.22.168
- Merged upstream fixes for ActionView format / MIME type parsing (CVE-2019-5418 and CVE-2019-5419) (see details)
- Confirmed that 4.2 LTS is not affected by CVE-2019-5420.
Oct 28th, 2018: Version 22.214.171.124
- Improve compatibility with Rails 2.3 and 3.2 LTS by defining
ActionDispatch::Http::ParamsHashWithIndifferentAccess. This fixes potentially issues for users upgrading from LTS versions < 4, and should not affect anyone else. See here for a description of the issue.
Oct 28th, 2018: Version 126.96.36.199
- Merge patch for broken access control vulnerability in Active Job (CVE-2018-16476).
Oct 25th, 2018: Version 188.8.131.52
- This release is identical to 184.108.40.206.
- There is a chance the Rails core team might release an official 220.127.116.11 for security fixes after the end of the maintenance period. To avoid conflicts, we skip some versions ahead.
Sep 28th, 2018: Version 18.104.22.168
- Initial release of the LTS version of Rails 4.2.
- This is identical to the official 4.2.10 release, except for the additional Rails LTS hardening options.
- Supports Ruby 2.1, 2.3, and 2.5.