[SEC][ANN] Rails 3.2.12, 3.1.11, and 2.3.17 have been released!

--
Aaron Patterson
http://tenderlovemaking.com/

On Monday, February 11, 2013 11:30:51 AM UTC-7, Aaron Patterson wrote:

Hi everybody.

I'd like to announce that Rails 3.2.12, 3.1.11, and 2.3.17 have been
released.

3.2.12 and 3.1.11 contain one security fix, and 2.3.17 contains two
security fixes. It is recommended that you update immediately.

You can read about the security fixes by following these links:

* [CVE-2013-0276](
Redirecting to Google Groups)

* [CVE-2013-0277](
Redirecting to Google Groups
)

Please note that today a new JSON gem was released, and it also contains
an important security fix. You should update the JSON gem as soon as
possible. You can read about the security issue in the JSON gem here:

* [CVE-2013-0269](
Redirecting to Google Groups)

In order to ease upgrading, the only major changes in each gem is the
security fix. To see the detailed changes for each version, follow the
links below:

* [Changes in 3.2.12](
https://github.com/rails/rails/compare/v3.2.11...v3.2.12\)
* [Changes in 3.1.11](
https://github.com/rails/rails/compare/v3.1.10...v3.1.11\)
* [Changes in 2.3.17](
https://github.com/rails/rails/compare/v2.3.16...v2.3.17\)

Thanks to the people who responsibly reported these security issues.

Please note that per our [maintenance policy](
Redirecting to Google Groups)
there will be no 3.0.x version released.

Here are the SHA-1 checksums for each gem:

## Rails 3.2.12

[aaron@higgins dist]$ shasum *3.2.* 
5627c6d044cc52876128459d960f8805006b5f97  actionmailer-3.2.12.gem 
336f76c045b6bcbd204831897131182cff82ddf8  actionpack-3.2.12.gem 
89bec5d68861ad5d79ca776ef5d6df7c1cfc2b11  activemodel-3.2.12.gem 
7d4327c54900f45c60947a63350e865843e193ef  activerecord-3.2.12.gem 
4b8ed4190f98a85b800ee7893bae5afd1bee0874  activeresource-3.2.12.gem 
c9e44eed288140f556e6543b93fc45f8dd57a415  activesupport-3.2.12.gem 
24b3b4633d7f131e61e50decc3aa11590941c6e2  rails-3.2.12.gem 
a84262f1968e83141d290c034b20a28d38886d10  railties-3.2.12.gem 

## Rails 3.1.11

[aaron@higgins dist]$ shasum *3.1.* 
d80816e69614c1f0d96cb7d0f4a38bfdc8d84ff5  actionmailer-3.1.11.gem 
f65cea0682b6051869d4125f7b441a7c6f59fcbe  actionpack-3.1.11.gem 
549ec2b67d4332b38cef1620b23e00e50e0774e6  activemodel-3.1.11.gem 
3d342764b7ba3bae05190f15bcb35d401cd8121e  activerecord-3.1.11.gem 
19bd70bad6c4e4a555127a7738e71ac4829e6f61  activeresource-3.1.11.gem 
7267b2f87bea5bd285f5d1bfe49bb2ba19df7c94  activesupport-3.1.11.gem 
ca57e1243451385689343dbe2bb42e23058284df  rails-3.1.11.gem 
48cc801bdb7c31c4b6939235a60ef3e5008f5dbb  railties-3.1.11.gem 

## Rails 2.3.17

[aaron@higgins dist]$ shasum *2.3.* 
5df1fe13db46ac10dec8bb607ef515881dcf09c5  actionmailer-2.3.17.gem 
d1165517a185ae73ca8a4ac89549e695a23fedfa  actionpack-2.3.17.gem 
b24ff71e46b798d7c38504531cb7622955d9a20c  activerecord-2.3.17.gem 
9cc2a7bd60a959dcba099425954a1b9c53235ce5  activeresource-2.3.17.gem 
4ccc935fdc4d7ede78a1c376453ecb502e48b7ed  activesupport-2.3.17.gem 
9613a97cb726f00de59ad6d0f901f7434f9c4733  rails-2.3.17.gem 

<3<3<3

--
Aaron Patterson
http://tenderlovemaking.com/

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Core" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-core+unsubscribe@googlegroups.com.
To post to this group, send email to rubyonrails-core@googlegroups.com.
Visit this group at http://groups.google.com/group/rubyonrails-core?hl=en\.
For more options, visit https://groups.google.com/groups/opt_out\.

On Monday, February 11, 2013 at 4:19 PM, Justin Hart wrote:

Were the ActiveRecord changes included in the GitHub diff intended to be released? The Changelog says 'unreleased'. It looks like its in reference to a note on the Security list: Redirecting to Google Groups

I support the changes, just wondering if it was unintended since it wasn't mentioned in the OP.

On Monday, February 11, 2013 11:30:51 AM UTC-7, Aaron Patterson wrote:
> Hi everybody.
>
> I'd like to announce that Rails 3.2.12, 3.1.11, and 2.3.17 have been released.
>
> 3.2.12 and 3.1.11 contain one security fix, and 2.3.17 contains two security fixes. It is recommended that you update immediately.
>
> You can read about the security fixes by following these links:
>
> * [CVE-2013-0276](Redirecting to Google Groups)
> * [CVE-2013-0277](Redirecting to Google Groups)
>
> Please note that today a new JSON gem was released, and it also contains an important security fix. You should update the JSON gem as soon as possible. You can read about the security issue in the JSON gem here:
>
> * [CVE-2013-0269](Redirecting to Google Groups)
>
> In order to ease upgrading, the only major changes in each gem is the security fix. To see the detailed changes for each version, follow the links below:
>
> * [Changes in 3.2.12](https://github.com/rails/rails/compare/v3.2.11...v3.2.12\)
> * [Changes in 3.1.11](https://github.com/rails/rails/compare/v3.1.10...v3.1.11\)
> * [Changes in 2.3.17](https://github.com/rails/rails/compare/v2.3.16...v2.3.17\)
>
> Thanks to the people who responsibly reported these security issues.
>
> Please note that per our [maintenance policy](Redirecting to Google Groups) there will be no 3.0.x version released.
>
> Here are the SHA-1 checksums for each gem:
>
> ## Rails 3.2.12
>
> ```
> [aaron@higgins dist]$ shasum *3.2.*
> 5627c6d044cc52876128459d960f8805006b5f97 actionmailer-3.2.12.gem
> 336f76c045b6bcbd204831897131182cff82ddf8 actionpack-3.2.12.gem
> 89bec5d68861ad5d79ca776ef5d6df7c1cfc2b11 activemodel-3.2.12.gem
> 7d4327c54900f45c60947a63350e865843e193ef activerecord-3.2.12.gem
> 4b8ed4190f98a85b800ee7893bae5afd1bee0874 activeresource-3.2.12.gem
> c9e44eed288140f556e6543b93fc45f8dd57a415 activesupport-3.2.12.gem
> 24b3b4633d7f131e61e50decc3aa11590941c6e2 rails-3.2.12.gem
> a84262f1968e83141d290c034b20a28d38886d10 railties-3.2.12.gem
> ```
>
> ## Rails 3.1.11
>
> ```
> [aaron@higgins dist]$ shasum *3.1.*
> d80816e69614c1f0d96cb7d0f4a38bfdc8d84ff5 actionmailer-3.1.11.gem
> f65cea0682b6051869d4125f7b441a7c6f59fcbe actionpack-3.1.11.gem
> 549ec2b67d4332b38cef1620b23e00e50e0774e6 activemodel-3.1.11.gem
> 3d342764b7ba3bae05190f15bcb35d401cd8121e activerecord-3.1.11.gem
> 19bd70bad6c4e4a555127a7738e71ac4829e6f61 activeresource-3.1.11.gem
> 7267b2f87bea5bd285f5d1bfe49bb2ba19df7c94 activesupport-3.1.11.gem
> ca57e1243451385689343dbe2bb42e23058284df rails-3.1.11.gem
> 48cc801bdb7c31c4b6939235a60ef3e5008f5dbb railties-3.1.11.gem
> ```
>
> ## Rails 2.3.17
>
> ```
> [aaron@higgins dist]$ shasum *2.3.*
> 5df1fe13db46ac10dec8bb607ef515881dcf09c5 actionmailer-2.3.17.gem
> d1165517a185ae73ca8a4ac89549e695a23fedfa actionpack-2.3.17.gem
> b24ff71e46b798d7c38504531cb7622955d9a20c activerecord-2.3.17.gem
> 9cc2a7bd60a959dcba099425954a1b9c53235ce5 activeresource-2.3.17.gem
> 4ccc935fdc4d7ede78a1c376453ecb502e48b7ed activesupport-2.3.17.gem
> 9613a97cb726f00de59ad6d0f901f7434f9c4733 rails-2.3.17.gem
> ```
>
> <3<3<3
>
> --
> Aaron Patterson
> http://tenderlovemaking.com/
--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Core" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-core+unsubscribe@googlegroups.com (mailto:rubyonrails-core+unsubscribe@googlegroups.com).
To post to this group, send email to rubyonrails-core@googlegroups.com (mailto:rubyonrails-core@googlegroups.com).
Visit this group at http://groups.google.com/group/rubyonrails-core?hl=en\.
For more options, visit https://groups.google.com/groups/opt_out\.

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Core" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-core+unsubscribe@googlegroups.com.
To post to this group, send email to rubyonrails-core@googlegroups.com.
Visit this group at http://groups.google.com/group/rubyonrails-core?hl=en\.
For more options, visit https://groups.google.com/groups/opt_out\.