Possible bug in Rails 2.3.14, controller tests always seem to rescue action with handler

Here's basically what I did to get a minimal reproduction of the problem:

    rvm install 1.8.7
    rvm use 1.9.8
    gem install rails -v=2.3.14
    rails blargh
    cd blargh
    ./script/generate controller blargh

Contents of blargh_controller.rb:

    class BlarghController < ApplicationController
      rescue_from Exception do
        puts 'Caught it'
      end

      def index
        raise 'blargh'
      end
    end

Contents of blargh_controller_test.rb:

    require 'test_helper'

    class BlarghControllerTest < ActionController::TestCase
      # Replace this with your real tests.
      test "exception handling" do
        rescue_action_in_public!
        get :index
      end
    end

Running ruby -I test test/functional/blargh_controller_test.rb gives me a lot of blaha but also the output that indicates that the exception was handled even though I didn't change the @request.remote_addr.

Changing the def rescue_action_without_handler line in module RaiseActionExceptions to def rescue_action seems to solve the problem though.

Is anyone still integrating fixes for 2.3?

No, 2.3 is out of maintenance and out of security support too. There may be 3rd party patches tracked somewhere, but it’s a dead branch from our POV, sorry.

Hi,

I would like to be able to direct the pointy haired bosses at a url to show them the “support” status of rails 2.3 (so I can argue for an upgrade path).

Currently this url http://rubyonrails.org/security still refers to 2.3 as being supported with security patches. “Fixes are prepared for all releases which are still under maintenance (at present 2.2.x, 2.3.x, master).”

Would be good to get this updated (maybe a generic statement about what versions are supported without specific version numbers).

Also is there another location on the website that explicitly states the supported versions or policy?

Cheers,

Anthony Richardson

It seems like it would be beneficial to have a page for rails similar to Ubuntu’s wiki page for releases, which includes the release date and “end of life” date for each release (https://wiki.ubuntu.com/Releases).

– Steve Schwartz

I’ll see if I can get that page updated. The short version is that we support the most recent release for bug fixes, and N-1 for security fixes. Everything else is out of maintenance.

Just to clarify for everyone, N and N-1 refer to the minor version number, right? As in, currently 3.2 for bug fixes and 3.1 for security fixes.

– Steve Schwartz

Exactly

Hi!

So that means 3.0.12, released March 1, 2012 is out of maintenance, is that right? (no pun intended, I’m trying to ensure I can advise my clients accordingly).

– Thibaut

So no security fixes for 3.0.x? That comes as a big surprise and feels like being in the rains.

regards, Kristian

Depending on the issue, we generally try and ship a backported patch, and given the similarity between 3.0 and 3.1 it’s pretty unlikely that it won’t be able to be backported. However we can’t guarantee that, you should upgrade to 3.1 to reduce the risk for your application.

In that case the back port was really easy, and so we did it. The next time a vulnerability comes up it may be just that simple, however you shouldn’t be relying on that.

Fundamentally we’re not going to refuse to spend 10 minutes with git cherry-pick in order to ‘stick with policy’. However if it’s something hairy, we’re not staking our reputation on it.

It makes sense; thanks for clarifying this!

– Thibaut

Thank you for clarifying this, much appreciated.

Cheers,

Anthony