Rails security fixes, version upgrade

Jan 8, 2013 • posted by Michael Hartl

I've just upgraded the Ruby on Rails Tutorial to use Rails 3.2.11, which contains two important security fixes (one for SQL injection and one for parameter parsing). The latest versions of the online book, ebooks, and sample application all now reflect this change.

It is critical to upgrade all of your production applications as soon as possible. The easiest way to do this is to edit your Gemfile and change the Rails gem version from '3.2.x' to '3.2.11'. Then run

$ bundle update rails && bundle install

to apply the update. (If you're running Rails 3.1.x, 3.0.x, or 2.3.x, there are security patches for those branches as well, as detailed in the parameter parsing post.)
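To confirm the update actually took effect, the following added example (not part of the original post) parses a Gemfile.lock and flags any Rails framework gem on the 3.2 branch that is still locked below 3.2.11. The helper names, the list of framework gems, and the sample lockfile are assumptions made for illustration.

```ruby
require "rubygems" # Gem::Version gives correct version ordering (3.2.8 < 3.2.11)

PATCHED = Gem::Version.new("3.2.11") # fixed release named in the post
# Assumption: framework gems that are released in lockstep with rails.
FRAMEWORK_GEMS = %w[rails actionpack activerecord activesupport activemodel
                    actionmailer activeresource railties].freeze

# Constructed sample lockfile, not taken from a real application.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      actionpack (3.2.8)
        activemodel (= 3.2.8)
      activerecord (3.2.8)
      rails (3.2.8)
        actionpack (= 3.2.8)

  DEPENDENCIES
    rails (= 3.2.8)
LOCK

# Return { name => Gem::Version } for framework gems in the resolved specs.
# Resolved entries are indented exactly four spaces; their dependency lines
# (six spaces) and the DEPENDENCIES section (two spaces) are skipped.
def locked_rails_versions(lockfile_text)
  versions = {}
  lockfile_text.each_line do |line|
    m = line.match(/\A {4}([A-Za-z0-9_\-]+) \(([^)]+)\)\s*\z/)
    next unless m && FRAMEWORK_GEMS.include?(m[1])
    versions[m[1]] = Gem::Version.new(m[2])
  end
  versions
end

# Classify each locked gem as :patched, :needs_upgrade (3.2.x below 3.2.11),
# or :other_branch (not 3.2.x; the post points to separate branch patches).
def audit(lockfile_text)
  locked_rails_versions(lockfile_text).map do |name, version|
    status =
      if version.segments[0, 2] != [3, 2] then :other_branch
      elsif version >= PATCHED            then :patched
      else                                     :needs_upgrade
      end
    [name, status]
  end.to_h
end

audit(SAMPLE_LOCK).each { |name, status| puts "#{name}: #{status}" } if __FILE__ == $0
```

To check a real application, pass `File.read("Gemfile.lock")` to `audit` from the application root.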