The Ruby on Rails community releases Rails 2.3.5. Version 2.3.5 of the Ruby on Rails Web development framework features improved support for Ruby 1.9 and more.The Ruby on Rails community has announced Rails 2.3.5, a new release of the
Ruby on Rails Web development framework that features improved support for Ruby
1.9 and more.
In a Nov. 30 blog post, Gregg
Pollack, a Rails developer and member of the Rails Activism team, said
Rails 2.3.5 provides several bug fixes and one security fix. The new release is
compatible with other 2.3.x versions of Rails, he said.
In addition to the improved compatibility with Ruby 1.9, Rails 2.3.5
supports a RailsXss plug-in. "If you want to have this functionality today
you can install Koz's RailsXss
plug-in in Rails 2.3.5," Pollack said.
In a post Nov. 27, Mike
Gunderloy, a Rails developer and contributor, said, "An XSS
vulnerability in strip_tags is fixed. Rails 2.3.5 supports the xss_safe
plug-in, which gives you the XSS escaping features that will be the default in
Rails 3.0."
In addition, "With Rails 2.3 we were given the ability to switch out
the default XML parser from REXML to other faster parsers like Nokogiri," Pollack said. "If your
application is parsing lots of XML
you may want to switch to this faster XML parser."
Gunderloy also said the MySQL adapter for Rails has been updated to allow
the use of stored procedures, and a problem that prevented the debugger from
going into IRB (Interactive Ruby) mode has been fixed.
Moreover, Gunderloy advises:
"If you're using Rails 2.3.x, you
should upgrade to this version as soon as possible, to get the security fixes
that it contains. If you're using Rails 2.2, there's a separate patch
available. Rails versions older than 2.2 are no longer supported with security
patches, and should be retired/upgraded as soon as possible."
Application Development 
