A NEW VERSION of Ruby on Rails was released this weekend that includes a number of fixes, one of which is aimed at filling a security hole.
In a blog post by Gregg Poland, the developer group said that although it expected most early adopters to have moved on to later versions of the language, it has fixed some interoperability issues with Ruby 1.9, added support for the Koz RailsXSS plug-in, and fixed some back end issues with the alternative XML parser Nokogiri.
Poland recommended that any developers whose application is parsing a lot of XML should switch to this alternative. The security fix appears to relate to some cross-site scripting errors.
"Rails 2.3.5 was released over the weekend which provides several bug-fixes and one security fix. It should be fully compatible with all prior 2.3.x releases and can be easily upgraded to with 'gem update rails'," explained Poland.
Writing on his blog, Mike Gunderloy, a Rails developer and contributor, added, "If you're using Rails 2.3.x, you should upgrade to this version as soon as possible, to get the security fixes that it contains. Rails versions older than 2.2 are no longer supported with security patches, and should be retired/upgraded as soon as possible."
Users of Rails 2.2 can download an alternative patch. µ
No really, his name is "Pollack" and it's not just a smartass remark about Poland.