The tags on 3-0-stable, 2-3-stable, 2-2-stable and 2-1-stable are currently patched when there is a security release. This means the latest tiny versions of these branches are the ones supported when there is a security release. It is always recommended to stay up-to- date to the latest tiny version in your minor release.
It is likely that when 3.1 is released, we will drop support to 2.2.x and 2.1.x versions. On Feb 10, 6:28 pm, fowlduck <[email protected]> wrote: > 1) I have a hard time believing that the majority of shops upgrade > every when every patch release comes out despite not being affected by > a bug, not getting a desirable feature, or not having a security > issue. I do not think we're a niche at all. Certainly if there's a > compelling reason to upgrade, I upgrade. > > 2) The patch provided by rails core doesn't work on 2.3.2-2.3.4 due to > form_authenticity_param being missing and doesn't work on 2.3.5 due to > the lack of the html_safe method. Applying the patch to vendored > rails, in this case, would have resulted in a broken app (which even > if fixed may not work as expected). > > Which versions of rails are considered supported with regard to > security fixes, then? That's a compelling reason to upgrade with every > patch release. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Core" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/rubyonrails-core?hl=en.
