[SEC][ANN] Rails 3.2.11, 3.1.10, 3.0.19, and 2.3.15 have been released!

274 views
Skip to first unread message

Aaron Patterson

unread,
Jan 8, 2013, 3:20:48 PM1/8/13
to rubyonra...@googlegroups.com, rubyonra...@googlegroups.com, ruby...@ruby-lang.org
Hi everybody.

I'd like to announce that 3.2.11, 3.1.10, 3.0.19, and 2.3.15 have been released. These releases contain two **extremely critical security fixes** so please update **IMMEDIATELY**.

You can read about the security fixes by following these links:

* [CVE-2013-0155](https://groups.google.com/group/rubyonrails-security/browse_thread/thread/b75585bae4326af2)
* [CVE-2013-0156](https://groups.google.com/group/rubyonrails-security/browse_thread/thread/eb56e482f9d21934)

In order to ease upgrading, the only major changes in each gem are the security fixes. To see the detailed changes for each version, follow the links below:

* [Changes in 3.2.11](https://github.com/rails/rails/compare/v3.2.10...v3.2.11)
* [Changes in 3.1.10](https://github.com/rails/rails/compare/v3.1.9...v3.1.10)
* [Changes in 3.0.19](https://github.com/rails/rails/compare/v3.0.18...v3.0.19)
* [Changes in 2.3.15](https://github.com/rails/rails/compare/v2.3.14...v2.3.15)

Thanks to the people who responsibly reported these security issues.

Here are the SHA-1 checksums for each gem:

### 3.2.11

```
[aaron@higgins dist]$ shasum *3.2.11*
933cd2821b30cdff4a2e0b5cc63f4d2c6b29affe actionmailer-3.2.11.gem
54731c51b55bf0215392971b982139775c0bfa2b actionpack-3.2.11.gem
5ccde66568d8051405c01063f1afaed13bd01082 activemodel-3.2.11.gem
f360c17968486479b0a4207e7eccbe379186a9d2 activerecord-3.2.11.gem
c61ff513be8a8aef898d2e5c4c9508d60727c556 activeresource-3.2.11.gem
41a4e8c382594283026d977554c1e18233198ca8 activesupport-3.2.11.gem
8fa6d19a0daea910e39a0911b2240c2a7b630fb1 rails-3.2.11.gem
ffaec7c3e5211283108cf5afab8e79be76090a0d railties-3.2.11.gem
```

### 3.1.10

```
[aaron@higgins dist]$ shasum *3.1.10*
e3dce983ebd0ee8970c5ddab46b05ac432c8b029 actionmailer-3.1.10.gem
84e536e732255e5dfd3d8053c10ed98dcb45ac80 actionpack-3.1.10.gem
db1a3ac836d988dc1fc7c64d29ded7a277047419 activemodel-3.1.10.gem
ea3ad8514265516033009d97efc1fe7b3d2b09ed activerecord-3.1.10.gem
0843646278b42d9ca796e157295851fd9938fe96 activeresource-3.1.10.gem
b55ef7f66de0bb79fcfa480e8df3696bffbff7f8 activesupport-3.1.10.gem
4ed7d159191faa1a469cd9efdf9e6a4cdc907195 rails-3.1.10.gem
f288986df0fabd2035569199ea3d5f1f46a56db7 railties-3.1.10.gem
```

### 3.0.19

```
[aaron@higgins dist]$ shasum *3.0.19*
f8376f907b2230ac75882e1a3cfa8d5cdd6df800 actionmailer-3.0.19.gem
68b319d86530a5d4291e13d6ab5f357a1e52c05b actionpack-3.0.19.gem
f0fb577ea7446ff229752bc799ca86dd53aa9cda activemodel-3.0.19.gem
c12324d78b22697d426148010901f79b366c0502 activerecord-3.0.19.gem
8dbc7c8c80f5baeec823966aa225b23f4c2a799c activeresource-3.0.19.gem
b525b778f82f844a56ff993211825b9811bf82bd activesupport-3.0.19.gem
c2beb0711d28a07cb2747c83962c7d453951e2d6 rails-3.0.19.gem
de286ada16b3fc76129767dc612926e0b4f71dda railties-3.0.19.gem
```

### 2.3.15

```
[aaron@higgins dist]$ shasum *2.3.15*
5ce45c70851dd534a72814620a6e57b42d360b88 actionmailer-2.3.15.gem
fa174c40f17fa5db952ba3a7c95a4ab0b5467594 actionpack-2.3.15.gem
e7391c92c82f974be7e65765819824e87bdb3cfd activerecord-2.3.15.gem
4644b7a27993f7860d9e176f51dfa52d8f029ec9 activeresource-2.3.15.gem
64843e3676c20a49060605546dfcdddaef2ea1a8 activesupport-2.3.15.gem
c8c0c49c63ca0f9acc3e0967b38d92b1c0b115af rails-2.3.15.gem
```

<3<3<3

--
Aaron Patterson
http://tenderlovemaking.com/

Henrik Ormåsen

unread,
Jan 10, 2013, 8:39:45 AM1/10/13
to rubyonra...@googlegroups.com, rubyonra...@googlegroups.com, ruby...@ruby-lang.org, tende...@ruby-lang.org
How about 2.2?

I'm using yaml, but not xml. How can I fix it?

Walter Lee Davis

unread,
Jan 10, 2013, 3:15:23 PM1/10/13
to rubyonra...@googlegroups.com
AFAIK 3.0.19 is the latest version, the alert refers to updating to this version. Keep an eye on the release channel (this list gets notified very immediately) for any further updates coming soon. There may be another version replacing 3.2.11, possibly the same fix will be rolled into 3.0.x as well.

Walter

On Jan 10, 2013, at 11:14 AM, Xiao Zhao wrote:

> I've upgraded to 3.0.19 yesterday, should I upgrade again today or something?
>
> gem "rails", "~> 3.0.19"
>
> that's what's in my Gemfile
> --
> You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
> To post to this group, send email to rubyonra...@googlegroups.com.
> To unsubscribe from this group, send email to rubyonrails-ta...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msg/rubyonrails-talk/-/x02mEBp6lnYJ.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>

Reply all
Reply to author
Forward
0 new messages