Rails 2.3 not supported?

The security fix announcement today sent to the rubyonrails-security
group implied that Rails 2.3 is no longer supported. Is that the
case? Did I miss an announcement somewhere? Is there a list of
supported releases somewhere? (What was I supposed to be paying
attention to?) Thanks,

--Paul

+1

I was surprised as well. The previous security issue in August 2011
that affected 2.3 received a fix and a new release. I also haven't
seen an announcement that that had changed.

That said, I don't blame the core team for wanting to drop Rails 2.3.
They are already supporting 3 branches in the 3.x line.

Rob Olson wrote in post #1049878:

I was surprised as well. The previous security issue in August 2011
that affected 2.3 received a fix and a new release. I also haven't
seen an announcement that that had changed.

That said, I don't blame the core team for wanting to drop Rails 2.3.
They are already supporting 3 branches in the 3.x line.

Not to mention current work on Rails 4.0:
http://weblog.rubyonrails.org/2011/12/20/rails-master-is-now-4-0-0-beta

Maybe 2.3 wasn't affected??

Walter

Maybe 2.3 wasn’t affected??

From the original announcement [https://groups.google.com/d/topic/rubyonrails-security/CdoMUVpsRmQ/discussion]:

Versions Affected: All.
Fixed Versions: 3.2.2, 3.1.4, 3.0.12

Please note that only the 3.2.x, 3.1.x, and 3.0.x series are supported at present. Users of earlier unsupported releases are advised to upgrade as soon as possible.

This leaves me with an uneasy feeling as a user of a few projects still based on 2.3 series…