An expectation like this will fail with Rails LTS 2.3: should render_template(:edit) The error will look like this: expecting but rendering with <""> This is an issue with rspec...

...rails 1.x monkey-patching into ActionController during controller specs. Fix To fix this, use our compatibility fork of rspec-rails 1.3. If you are using Rails 2.3 LTS with...

With Rails 3.2 LTS your RSpec 2 controller specs might fail with an error like this: NoMethodError: undefined method `[]' for nil:NilClass Fix To fix this, use our compatibility fork...

...of rspec-rails 2.14. You can switch to the fork by updating your Gemfile: gem 'rspec-rails', :git => 'https://github.com/makandra/rspec-rails.git', :branch => '2-14-lts' Now run bundle update rspec...

...monkey-patch fixing this vulnerability. CVE-2023-23913 This affects the jquery-ujs / prototype-ujs / rails-ujs gems / npm packages which are not part of Rails LTS itself. We will...

...bundled rails_ujs using the asset pipeline. Unfixed for Rails 5.2 LTS when using the rails-ujs npm package. CVE-2023-27530 Fixed in Rails 2.3 / 3.2 LTS's version...

...File Inclusion in Rack::Static. Read the announcement March 11th, Rails version 2.3.18.59 Removed the railslts-version gem. Read the announcement No security updates. March 6th 2025, Rack version...

...Fixed CVE-2025-25184: Possible Log Injection in Rack::CommonLogger October 17th 2024, Rails version 2.3.18.58 Fixed ReDoS vulnerability CVE-2024-47889. Read the announcement. June 19th 2024, Rails version...

This document describes how to configure Rails LTS and how to take advantage of its optional security features. The default Rails LTS configuration (:compatible) has been built for maximum compatibility...

...with the official Rails releases. We do however recommend the :hardened configuration, which includes improvements we believe to be reasonable defaults for increased security in most applications.

...File Inclusion in Rack::Static. Read the announcement March 11th, Rails version 3.2.22.49 Removed the railslts-version gem. Read the announcement No security updates. March 6th 2025, Rack version...

...Fixed CVE-2025-25184: Possible Log Injection in Rack::CommonLogger October 17th 2024, Rails version 3.2.22.48 Fixed ReDoS vulnerabilities CVE-2024-41128 and CVE-2024-47889. Read the announcement.

...File Inclusion in Rack::Static. Read the announcement March 11th, Rails version 5.2.8.29 Removed the railslts-version gem. Read the announcement No security updates. March 6th 2025, Rails version...

...supported), see here for more details. Fixed possible XSS issue CVE-2023-23913 in bundled rails-ujs, see here for more details. We also provided patched NPM packages, see here...

...File Inclusion in Rack::Static. Read the announcement March 11th, Rails version 4.2.11.39 Removed the railslts-version gem. Read the announcement No security updates. March 6th 2025, Rack version...

...Fixed CVE-2025-25184: Possible Log Injection in Rack::CommonLogger October 17th 2024, Rails version 4.2.11.38 Fixed ReDoS vulnerabilities CVE-2024-41128, CVE-2024-47887, and CVE-2024-47889. Read...

This document describes how to swap out the official Rails 3.2 gems with Rails 3.2 LTS. If you have installed Rails LTS before and want to update to a newer...

...rake 12, we have a public fork on GitHub that fixes the issue. Note on rails-ujs or jquery-ujs See installation instructions here. Note on mysql

This document describes how to swap out the official Rails 2.3 gems with Rails 2.3 LTS. If you have installed Rails LTS before and want to update to a newer...

...branch: '0.2.x-lts' Also, in your database.yml, change the adapter to mysql2. Note on rails-ujs or jquery-ujs See installation instructions here. Breaking changes By default, Rails LTS...

This document describes how to swap out the official Rails 4.2 gems with Rails 4.2 LTS. If you have installed Rails LTS before and want to update to a newer...

...you will be notified whenever a new patch for Rails LTS becomes available. Note on rails-ujs or jquery-ujs See installation instructions here. Breaking changes By default, Rails LTS...

This document describes how to swap out the official Rails 6.1 gems with Rails 6.1 LTS. If you have installed Rails LTS before and want to update to a newer...

...Trix 1 is no longer maintained and has a few XSS vulnerabilities. Note on rails-ujs or jquery-ujs In case your app still uses the old jquery-ujs JavaScript...

This document describes how to swap out the official Rails 5.2 gems with Rails 5.2 LTS. If you have installed Rails LTS before and want to update to a newer...

...you will be notified whenever a new patch for Rails LTS becomes available. Note on rails-ujs or jquery-ujs See installation instructions here. Breaking changes Mimicking vanilla Rails...

...File Inclusion in Rack::Static. Read the announcement March 11th, Rails version 6.1.7.25 Removed the railslts-version gem. Read the announcement No security updates. March 6th 2025, Rails version...

...changes can be solved by updating the "uri" gem) Bump dependencies on rack, trix and rails-html-sanitizer to versions without known security vulnerabilities. (Skipped 10 tiny versions to version...

Historically, the "rack" gem was not part of Rails LTS, simply because it was maintained and released separately from Ruby on Rails. However, since Rails cannot work without Rack, and...

This has now changed and Rack is now a core gem of Rails LTS. This means: We are committed to maintaining and patching Rack, and will make sure...

This document assumes you have installed Rails LTS before and want to update to a new version of the Rails LTS gem. As a subscriber to the Rails LTS service...

...you will be notified whenever a new version for Rails LTS becomes available. Run the following command within your Rails project directory: bundle update rails After updating, check that your...

Since [CVE-2023-23913], we maintain several forks of rails-ujs and jquery-ujs. Since each Rails app has a different way of handling asset packages, we introduced several new...

...NPM package, e.g. with npm install @railslts/jquery-ujs. Use the NPM package @railslts/rails-ujs to replace the rails-ujs NPM package, e.g. with npm install @railslts/rails-ujs. You can point the rails-ujs...

...regular expression denial of service) vulnerability in the activerecord gem that is part of Rails LTS. An attacker using a specially crafted request can cause an application with certain vulnerable...

...code to consume an excessive amount of CPU time. Affected versions: Rails 3.2.22.9 LTS and lower, Rails 3.0.20.12 LTS and lower Unaffected versions: Rails 2.3 LTS Note: The flaw is...

Rails 2.3 and 3.2 LTS use ActionDispatch::Http::ParamsHashWithIndifferentAccess to represent params hashes, similar to Rails 5's ActionController::Parameters. If you serialize data in Rails LTS, then upgrade to...

...other Rails versions (such as Rails 5) and then try to deserialize the data, you might run into an error uninitialized constant ActionDispatch::Http::ParamsHashWithIndifferentAccess or undefined class/module ActionDispatch::Http...

Rails LTS documentation

Please choose a guide for your version of Ruby on Rails: Installing Rails 2.3 LTS Installing Rails 3.2 LTS Installing Rails 4.2 LTS Installing Rails 5.2 LTS Installing Rails...

If you have installed Rails LTS before and want to update to a newer version, please see our update instructions...

Rails 3.2 LTS, 4.2 LTS, 5.2 LTS Run the following command: bundle show rails This will display the path of the installed rails gem. The path will contain the version...

...number, e.g. 3.2.22.8 below: /home/alice/.rbenv/versions/2.1.2/lib/ruby/gems/2.1.0/gems/rails-3.2.22.8 ^^^^^^^^ Rails LTS 2.3 Installation with bundler As a customer of a paid plan who has installed Rails LTS with Bundler, run the following:

...find the updated guide here. We are pleased to announce that all versions of Rails LTS now support Ruby 3.1, in addition to all Ruby versions we previously supported.

You should not run into errors that cannot be solved without changes to Rails. We did our best to not require you to make too many changes.

You can find the updated guide here. Rails 2.3 LTS works with Ruby 1.8.7, Ruby 2.5, and Ruby 2.7. Typical web apps see a 2x to 4x performance boost...

...by switching from Ruby 1.8.7 to Ruby 2.5+. "Support" means that upgrading a Rails 2.3 application to Ruby 2.5 will not require Rails related monkey patches. However, upgrading will still...

You can find the updated guide here. Rails 3.2 LTS works with Ruby 1.8.7, 1.9.3, 2.3, 2.5, and 2.7. "Support" means that upgrading a Rails 3.2 application to Ruby...

...will not require Rails related monkey patches. However, upgrading will still require some effort for the majority of Rails 3.2 applications, since your own code as well as some third...