An expectation like this will fail with Rails LTS 2.3:
The error will look like this:
expecting <:edit> but rendering with <"">
This is an issue with rspec-rails 1.x monkey-patching into ActionController during controller specs.
To fix this, use our compatibility fork of rspec-rails 1.3.
With Rails 3.2 LTS your RSpec 2 controller specs might fail with an error like this:
NoMethodError: undefined method `' for nil:NilClass
To fix this, use our compatibility fork of rspec-rails 2.14.
You can switch to the fork by updating your
gem 'rspec-rails', :git => 'https://github.com/makandra/rspec-rails.git', :branch => '2-14-lts'
bundle update rspec-rails.
There is a possible ReDoS (regular expression denial of service) vulnerability in the activerecord gem that is part of Rails LTS. An attacker using a specially crafted request can cause an application with certain vulnerable code to consume an excessive amount of CPU time.
Affected versions: Rails 188.8.131.52 LTS and lower, Rails 184.108.40.206 LTS and lower
Unaffected versions: Rails 2.3 LTS
Note: The flaw is also present in the official non-LTS 3.x version of Active Record, which is no longer maintained. Other non-LTS Rails versions are not af...
Mimicking the offical change in Rails 5.1.8 to protect against CVE-2022-32224, all versions of Rails LTS try to use
YAML.safe_load to deserialize database columns in ActiveRecord. This is a potential breaking change.
When using something like
class MyModel < ActiveRecord::Base serialize :address_data # or alternatively store :settings, accessor: [:color, :homepage] end
ActiveRecord will use YAML to serialize and deserialize data. However, YAML deserialization using
YAML.load (or explicitly `YAML.unsafe...
We maintain several forks since [CVE-2023-23913] of rails-ujs and jquery-ujs.
Since each Rails app has a different way of handling asset packages, we introduced several new forked packages with a fix.
If you want to install one of those packages, please replace your npm package or gem with one of our forked versions.
Use the NPM package
@railslts/jquery-ujs to replace the
jquery-ujs NPM package, e.g. with
npm install @railslts/jquery-ujs.
Use the NPM package
@railslts/rails-ujs to replace the
rails-ujs NPM package, e.g. with `npm...
Historically, the "rack" gem was not part of Rails LTS, simply because it was maintained and released separate from Ruby on Rails. However, since Rails cannot work without Rack, and since Rack did have a few minor security vulnerabilities, we've been maintaining forks of Rack on Github for a while.
This has now changed and Rack is now a core gem of Rails LTS. This means:
We are pleased to announce that all versions of Rails LTS now support Ruby 3.1, additionally to all Ruby versions we previously supported.
As always, "support" means:
We have successfully upgraded a medium-sized app to Ruby 3.1 for each version of Rails LTS without major trouble, but **be aware that this upgrade wi...