On Thu, Feb 10, 2011 at 9:28 AM, fowlduck <[email protected]> wrote: > > 2) The patch provided by rails core doesn't work on 2.3.2-2.3.4 due to > form_authenticity_param being missing and doesn't work on 2.3.5 due to > the lack of the html_safe method. Applying the patch to vendored > rails, in this case, would have resulted in a broken app (which even > if fixed may not work as expected). >
I think you're misunderstanding what the last number in 2.3.2, 2.3.4 etc. means. And everyone is using the word "version" to mean two different things here. > Which versions of rails are considered supported with regard to > security fixes, then? That's a compelling reason to upgrade with every > patch release. > Yes it is. The *versions* of Rails supported are 2.3 and 3.0 (although José says 2.1 and 2.2 as well) - which is why both had a patch release with the security patches. In the proper sense of the word, "upper-case V" Version if you like, 2.3.5 is not a *version* of Rails, it's patch release 5 of version 2.3. 2 = Major version 3. = Minor version 5 = Patch number Cheers, Jason -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Core" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/rubyonrails-core?hl=en.
