The security fix announcement today sent to the rubyonrails-security group implied that Rails 2.3 is no longer supported. Is that the case? Did I miss an announcement somewhere? Is there a list of supported releases somewhere? (What was I supposed to be paying attention to?) Thanks,
--Paul
+1
I was surprised as well. The previous security issue in August 2011 that affected 2.3 received a fix and a new release. I also haven't seen an announcement that that had changed.
That said, I don't blame the core team for wanting to drop Rails 2.3. They are already supporting 3 branches in the 3.x line.
Rob Olson wrote in post #1049878:
I was surprised as well. The previous security issue in August 2011 that affected 2.3 received a fix and a new release. I also haven't seen an announcement that that had changed.
That said, I don't blame the core team for wanting to drop Rails 2.3. They are already supporting 3 branches in the 3.x line.
Not to mention current work on Rails 4.0:
Maybe 2.3 wasn't affected??
Walter
Maybe 2.3 wasn’t affected??
From the original announcement [https://groups.google.com/d/topic/rubyonrails-security/CdoMUVpsRmQ/discussion]:
Versions Affected: All. Fixed Versions: 3.2.2, 3.1.4, 3.0.12
Please note that only the 3.2.x, 3.1.x, and 3.0.x series are supported at present. Users of earlier unsupported releases are advised to upgrade as soon as possible.
This leaves me with an uneasy feeling as a user of a few projects still based on 2.3 series…