Good news everyone! Rails version 3.1.6 has been released.
This release of Rails contains two important security fixes:
- CVE-2012-2694 Ruby on Rails Unsafe Query Generation Risk in Ruby on Rails
- CVE-2012-2695 Ruby on Rails SQL Injection
Please note that the last round of security fixes DOES NOT cover the
situations that these patches fix. Therefore it is suggested that all
users upgrade immediately. For more information about these issues,
please see the announcements on the rubyonrails-security mailing
list.
Other changes for this release can be found in each component’s
CHANGELOG:
All changes can be found
here.
<3<3<3