The Ruby on Rails community has announced Rails 2.3.5, a new release of the Ruby on Rails Web development framework that features improved support for Ruby 1.9 and more.
In a Nov. 30 blog post, Gregg Pollack, a Rails developer and member of the Rails Activism team, said Rails 2.3.5 provides several bug fixes and one security fix. The new release is compatible with other 2.3.x versions of Rails, he said.
In addition to the improved compatibility with Ruby 1.9, Rails 2.3.5 supports a RailsXss plug-in. "If you want to have this functionality today you can install Koz's RailsXss plug-in in Rails 2.3.5," Pollack said.
In a post Nov. 27, Mike Gunderloy, a Rails developer and contributor, said, "An XSS vulnerability in strip_tags is fixed. Rails 2.3.5 supports the xss_safe plug-in, which gives you the XSS escaping features that will be the default in Rails 3.0."
"With Rails 2.3 we were given the ability to switch out the default XML parser from REXML to other faster parsers like Nokogiri," Pollack added. "If your application is parsing lots of XML you may want to switch to this faster XML parser."
Gunderloy also said the MySQL adapter for Rails has been updated to allow the use of stored procedures, and a problem that prevented the debugger from going into IRB (Interactive Ruby) mode has been fixed.
Moreover, Gunderloy advises:
"If you're using Rails 2.3.x, you should upgrade to this version as soon as possible, to get the security fixes that it contains. If you're using Rails 2.2, there's a separate patch available. Rails versions older than 2.2 are no longer supported with security patches, and should be retired/upgraded as soon as possible."