Starting with Rails LTS 2.3.18.19, it is possible to run Rails LTS with modern versions of RubyGems (2.6.13 at the time of writing) if you are using Rails 2.3 LTS...
With RubyGems 2+, Rails LTS will restrict the following features which are now supplied by bundler: You will no longer be able to use config.gem...
...in environment.rb.
Rails LTS has been conceived as a drop-in replacement for Rails 2.3, 3.2, and 4.2. However, we do recommend that you go through the list below to make sure...
...that installing Rails LTS will work without problems. Rails 2.3 LTS Rails version Your application should run the latest release of the official Rails 2.3 gems. If you are running...
We have made all versions of Rails LTS compatible with Ruby 3.3 or below. All Rails components should work as expected with no deprecation warnings. However, upgrading Ruby will require...
...dependencies do not work on the latest Ruby. The upgrading steps vary for every Rails application, and increase with the number of third-party gems. We have ourselves successfully upgraded...
Rails LTS is a service of makandra, a team of Ruby developers and Linux system engineers based in Germany. We have more than 10 years of experience developing and operating...
...always taken security very seriously. This is a brief overview of how we handle Rails security issues for LTS, and how we operate the service: Handling of security issues
Rails LTS (<= 4.2) contains a fix for CVE-2021-22885, but this includes a breaking change you can opt out of. In Rails 5.2 LTS and upward you cannot opt...
...in your routes may reveal some kind of secret. This vulnerability is fixed in Rails LTS by disallowing strings to appear within arrays in all calls to redirect_to, url...
Please choose a Changelog for your version of Ruby on Rails: Rails 2.3 LTS Changelog Rails 3.2 LTS Changelog Rails 4.2 LTS Changelog Rails 5.2 LTS Changelog
Mimicking the offical change in Rails 5.1.8 to protect against CVE-2022-32224, all versions of Rails LTS try to use YAML.safe_load to deserialize database columns in ActiveRecord. This...
...Execution, by putting such malicious content into a serialized database column. Because of this, Rails LTS tries to use YAML.safe_load where possible, which will only allow deserialization of certain...
...use a mailing list to inform customers about security vulnerabilities and new releases of Rails LTS. You can subscribe to this list during the order process. You can also manually...
The Rails LTS service only covers security updates for the Rails framework, not for Ruby. As a courtesy to our customers, we sometimes backport security patches to legacy Ruby versions...
HTTP 403 Forbidden https://username:password@gems.railslts.com/versions These errors are not fatal, Rails LTS should still be installed correctly. This has been tested with all Bundler versions...
Best results in other decks
...Rails has a method ActiveRecord::Relation#merge that can merge ActiveRecord scopes. However, its behavior has never been clear, and in Rails 7 it still discards conditions on the same...
Every Rails response has a default ETag header. In theory this would enable caching for multiple requests to the same resource. Unfortunately the default ETags produced by Rails are effectively...
...random, meaning they can never match a future request. Understanding ETags When your Rails app responds with ETag headers, future requests to the same URL can be answered with an...