Ruby on Rails 2.3.5 includes minor bug fixes
The Ruby on Rails development team has released version 2.3.5 of their web framework, which fixes various functional bugs and one security vulnerability. The new release is compatible with earlier 2.3.x versions. The update can be easily installed using the command "gem update rails".
The development team has made minor changes relating to compatibility with Ruby 1.9. The RailsXss plug-in can be used to automatically replace the ERB template handler with Erubis (a feature planned for Rails 3). Erubis is an implementation of the eRuby template engine, which embeds Ruby code in a text document.
Since the 2.3 development branch, it has been possible to replace the default XML parser, REXML, with other parsers such as Nokogiri. The new version resolves the issues previously experienced when using Nokogiri. The security vulnerability relates to an XSS problem in
- XSS Weakness in strip_tags, a Ruby on Rails: Security post.