In association with heise online

24 May 2010, 10:43

Ruby on Rails 2.3.6 released, rapidly updated to 2.3.7

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

After six months of bug fixing, some new features and bridge work to Rails 3, the Rails developers released Ruby on Rails 2.3.6 on Sunday, but have now released 2.3.7 after some bugs were discovered in code back ported from Rails 3. The bugs were discovered when Nathan Weizenbaum began updating HAML for the new release and found issues with XSS (Cross Site Scripting) prevention. The XSS prevention, based on rails_xss, was one of the updates in 2.3.6 and is used for automatic HTML escaping.

Rails 2.3.6 includes a number of updates, such as later versions of Rack (now 1.1.0), i18n (now 1.3.7), TZInfo (now 0.3.16) and TMail (now 1.2.7). A number of features described by the developers as "obscure and ancient" have been deprecated in the new version as part of the preparation for Rails 3. Developers who can run their applications without depreciation warnings should find the migration to Rails 3 easier.

Small changes, such as promoting the common "alert" and "notice" keys in flash messages to part of the API, localising the label helper and other minor enhancements have been made throughout the new release. More details are included in the respective release announcements and the complete details are available in the 2.3.5 to 2.3.6 and 2.3.6 to 2.3.7 commit logs. Ruby on Rails 2.3.7 is available to download from Rails is released under the MIT license.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit