Ruby on Rails 2.3.5, featuring security boosts and compatibility improvements for version 1.9 of the Ruby language, was released over the weekend, according to a blog post on the Ruby on Rails Web site.
Rails is a popular open source Web framework. Rails 2.3.5 offers bug and security fixes and should be compatible with prior 2.3.x releases of Rails, said Gregg Pollack, who is part of the Rails Activist Team. Rails founder David Heinemeier Hansson, in an e-mail, cited XSS (cross-site scripting) protection as the major improvement in the release.
"The big feature in Rails 2.3.5 is that it works with our new rails_xss plug-in, which makes XSS protection completely automatic for Rails applications," Hansson said. "Before that, you had to manually ensure that you weren't leaving windows open for XSS attacks. Now you can just get the plug-in and sit back and relax. This feature will also be standard equipment on Rails 3.0."
Bugs were fixed in version 2.3.5 to boost Ruby 1.9 compatibility.
"There were a few small bugs preventing full compatibility with Ruby 1.9. However, we wouldn't be surprised if you were already running Rails 2.3.x successfully before these bugs were fixed (they were small)," Pollack said.
A security fix in version 2.3.5 addresses a vulnerability in the Rails strip_tags function: a bug in the parsing code inside HTML::Tokenizer could leave applications that rely on strip_tags for XSS protection vulnerable to attacks on Internet Explorer users.
The release also resolves issues with using the Nokogiri XML parser. Rails 2.3 provided the ability to switch from the default REXML parser to faster parsers such as Nokogiri.
Meanwhile, a release date for Rails 3.0, which merges Rails with the Merb framework, is "still up in the air" at this point, said Hansson. The Rails team had hoped to release it this year.
"We're hoping to get something out, but we'll see," Hansson said.
This story, "Rails upgrade fixes security issues, Ruby 1.9 compatibility," was originally published at InfoWorld.com.
