Hi everyone,
Rails 3.1.0.rc6 has been released. This release contains critical
security fixes.
CHANGES
You can find an exhaustive list of changes on
github.
Along with the closed issues marked for
v3.1.0.
You can also see issues we haven’t
closed.
A comprehensive CHANGELOG will be announced when 3.1.0 final is
released. Barring any show stopping bugs, Rails 3.1.0 will be released
on August 30th.
4 Security Fixes
Please follow the links to see specific information about each
vulnerability, along with individual patches for fixing them.
Please note that these security fixes do not have CVE identifiers. We
requested identifiers on August 5th, and have yet to received a
response. When we get identifiers, we’ll update the notices with those
values.
Also remember to subscribe to the Ruby on Rails Security mailing
list.
Why was this release delayed?
You may have noticed this release was originally slated to be released
on August 8th. We decided to delay the release in order to obtain CVE
identifiers. Unfortunately, identifiers still have not been issued. We
felt that getting the security fixes to our users was more important
than obtaining CVE values.
That is why our release is late, and contains no CVE identifiers.
THE END
Thanks! <3