On 12/02/2013, at 15:45 , Michael Koziarski <[email protected]> wrote:
> It was intentionally included, if there's breakage (and it seems there is) we > should fix that and release updates that fix the regressions *without* > removing the important security fix. I'm surprised that it was included after the earlier security advisory about this issue said only Rails 4 would get chances to mitigate it. Did the risk assessment get worse or is it just doing whatever we can to improve the situation? I've posted my 2c on the corresponding pull request, https://github.com/rails/rails/pull/9207. Doesn't feel like a safe approach to me, and it's broken basic join conditions when there's table aliasing. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Core" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/rubyonrails-core?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
