
Rails security fixes, version upgrade

Jan 8, 2013 • posted by Michael Hartl

I've just upgraded the Ruby on Rails Tutorial to use Rails 3.2.11, which contains two important security fixes (one for SQL injection and one for parameter parsing). The latest versions of the online book, ebooks, and sample application all now reflect this change.

It is critical to upgrade all of your production applications as soon as possible. The easiest way to do this is to edit your Gemfile and change the Rails gem version from '3.2.x' to '3.2.11'. Then run

$ bundle update rails && bundle install

to apply the update. (If you're running Rails 3.1.x, 3.0.x, or 2.3.x, there are security patches for those branches as well, as detailed in the parameter parsing post.)
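As an added example (not code from the original post), here is a small Ruby script covering the two steps above from the maintainer's side: it reads the Rails version locked in a Gemfile.lock and reports whether it is at or above the 3.2.11 level named in the post, and it rewrites the `gem 'rails'` line of a Gemfile to that version so the `bundle update rails` step picks it up. The Gemfile.lock excerpt and Gemfile text are constructed samples; only the 3.2.x patched version comes from the post, so patched versions for other branches are left for the caller to supply and are otherwise reported as an unknown branch.

```ruby
# Added example, not from the original post: audit and fix the Rails pin.
require 'rubygems'

# Constructed sample Gemfile.lock excerpt in the shape Bundler writes.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      rails (3.2.10)
        actionmailer (= 3.2.10)
        activerecord (= 3.2.10)
      sqlite3 (1.3.6)

  PLATFORMS
    ruby

  DEPENDENCIES
    rails (= 3.2.10)
    sqlite3
LOCK

# Patched version per minor branch. Only 3.2.11 is stated in the post;
# other branches must be added from the upstream advisory before use.
PATCHED = { '3.2' => '3.2.11' }.freeze

# Return the version of the rails gem from the specs: section of a
# Gemfile.lock (the exact version, not the "= x.y.z" dependency lines).
def locked_rails_version(lock_text)
  in_specs = false
  lock_text.each_line do |line|
    in_specs = true if line.strip == 'specs:'
    next unless in_specs
    m = line.match(/\A[ \t]{4}rails \(([\d.]+)\)/)
    return m[1] if m
  end
  nil
end

# Classify a rails version against the patched level for its minor branch.
# Returns :patched, :vulnerable, or :unknown_branch.
def rails_status(version_string, patched = PATCHED)
  version = Gem::Version.new(version_string)
  branch = version.segments[0, 2].join('.')
  fixed = patched[branch]
  return :unknown_branch unless fixed
  version >= Gem::Version.new(fixed) ? :patched : :vulnerable
end

# Convenience wrapper: [locked_version, status] for a Gemfile.lock body.
def check_lock(lock_text, patched = PATCHED)
  version = locked_rails_version(lock_text)
  return [nil, :no_rails] unless version
  [version, rails_status(version, patched)]
end

# Rewrite the rails line of a Gemfile to the target version, the same edit
# the post describes doing by hand. Other gem lines are left untouched.
def pin_rails(gemfile_text, target = PATCHED['3.2'])
  gemfile_text.sub(/^([ \t]*gem[ \t]+['"]rails['"][ \t]*,[ \t]*)['"][^'"]+['"]/) do
    "#{Regexp.last_match(1)}'#{target}'"
  end
end

if __FILE__ == $PROGRAM_NAME
  version, status = check_lock(SAMPLE_LOCK)
  puts "rails #{version}: #{status}"
  puts pin_rails("source 'https://rubygems.org'\ngem 'rails', '3.2.10'\n")
end
```

Run it against a real project by reading `Gemfile.lock` with `File.read` instead of `SAMPLE_LOCK`; a `:vulnerable` result means the `bundle update rails && bundle install` step from the post has not yet been done, and a fresh `bundle install` after `pin_rails` would refuse to proceed until it is.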

Michael Hartl

I’m Michael Hartl—author, educator, and entrepreneur. I’m probably best known as the creator of the Ruby on Rails Tutorial, a book and screencast series that together constitute one of the leading introductions to web development. Once called his “favorite book” by Wikipedia founder Jimmy Wales, the Ruby on Rails Tutorial currently has over 150 5-star reviews at Amazon. I’m also (in)famous for creating Tau Day and The Tau Manifesto, which have inspired an international movement dedicated to the proposition that “pi is wrong.” (For example, as a result of The Tau Manifesto, MIT releases their admissions decisions each year at “Tau Time” (6:28 p.m.), and typing tau/2 at Google yields 3.14159…) Finally, I’m a founder of Softcover, a publishing system and sales platform for technical authors, which among other things powers both The Tau Manifesto and the Ruby on Rails Tutorial.

I’m a graduate of Harvard College and have a Ph.D. in Physics from Caltech, where I studied black hole dynamics and was an award-winning instructor in theoretical and computational physics. I’m also an alumnus of Y Combinator, the entrepreneur program that has produced companies such as Dropbox and Airbnb. (Alas, my own Y Combinator startup was neither Dropbox nor Airbnb.)