1) I have a hard time believing that the majority of shops upgrade every when every patch release comes out despite not being affected by a bug, not getting a desirable feature, or not having a security issue. I do not think we're a niche at all. Certainly if there's a compelling reason to upgrade, I upgrade.
2) The patch provided by rails core doesn't work on 2.3.2-2.3.4 due to form_authenticity_param being missing and doesn't work on 2.3.5 due to the lack of the html_safe method. Applying the patch to vendored rails, in this case, would have resulted in a broken app (which even if fixed may not work as expected). Which versions of rails are considered supported with regard to security fixes, then? That's a compelling reason to upgrade with every patch release. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Core" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/rubyonrails-core?hl=en.
