Rails version 3.1.5 has been released!

Good news everyone! Rails version 3.1.5 has been released.

This release of Rails contains two important security fixes:

  * CVE-2012-2660 Ruby on Rails Active Record Unsafe Query Generation Risk   * CVE-2012-2661 Ruby on Rails Active Record SQL Injection Vulnerability

It is suggested that all users upgrade immediately. For more information about these issues, please see the annoumcenents on the rubyonrails-security mailing list:

  https://groups.google.com/group/rubyonrails-security

Specifically these announcements:

  https://groups.google.com/group/rubyonrails-security/browse_thread/thread/f1203e3376acec0f   https://groups.google.com/group/rubyonrails-security/browse_thread/thread/7546a238e1962f59

Other changes for this release can be found in each component's CHANGELOG:

  rails/CHANGELOG.md at 3-1-stable · rails/rails · GitHub   rails/CHANGELOG.md at 3-1-stable · rails/rails · GitHub   rails/CHANGELOG.md at 3-1-stable · rails/rails · GitHub   rails/CHANGELOG.md at 3-1-stable · rails/rails · GitHub   rails/CHANGELOG.md at 3-1-stable · rails/rails · GitHub   rails/CHANGELOG.md at 3-1-stable · rails/rails · GitHub

All changes can be found here:

  https://github.com/rails/rails/compare/v3.1.4...v3.1.5

I want to give a special thanks to Ben Murphy for responsibly reporting the two security issues that are fixed in this release. Thank you very much!

<3<3<3