In association with heise online

25 May 2010, 09:27

Rails 2.3.8 released to fix 2.3.7's "Facepalm"

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Ruby on Rails 2.3.8 has been released by the Rails developers to fix yesterday's release of Ruby on Rails 2.3.7. The 2.3.7 release had contained some rapidly created fixes related to the rails_xss plugin to correct Sunday's Rails 2.3.6 release, but unfortunately the Rails 2.3.7 fixes had unintended consequences for all Rails users. Ruby on Rails 2.3.8 is now available for download.

A post on the blog from Jeremy Kemper, a core Rails developer, explained that the hasty fix in 2.3.7 had forced all users to make use of the rails_xss plugin which was not the intention of the fixes, describing it as a Facepalm moment. "I got caught up in a sky-is-falling response to a 2.3.6 bug that affected a handful of users and responded with a fix that exposed a new flaw to nearly all users, despite testing and sanity checking".

Kemper said the Rails developers had taken on feedback, "We hear you, and yes, a thousand times yes. Every stable release, including point releases, deserves the same methodical drumbeat on it's march from git stable to .pre gem to final gem. Expect no less".


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit