In association with heise online

30 November 2009, 15:16

Ruby on Rails 2.3.5 includes minor bug fixes

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

The Ruby on Rails development team has released version 2.3.5 of their web framework, which fixes various functional bugs and one security vulnerability. The new release is compatible with earlier 2.3.x versions. The update can be easily installed using the command "gem update rails".

The development team has made minor changes relating to compatibility with Ruby 1.9. The RailsXxs plug-in can be used to automatically replace the ERB template handler with Erubis (a function planned for Rails 3). Erubis is an implementation of the eRuby template engine, which embeds Ruby code in a text document.

Since the 2.3 development branch, it has been possible to replace the default XML parser, REXML, with other parsers such as Nokogiri. The new version resolves the issues previously experienced when using Nokogiri. The security vulnerability relates to an XSS problem in strip_tags.

See also:

(crve)

Print Version | Send by email | Permalink: http://h-online.com/-872633
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit