Hi everyone,

Rails 3.0.10 has been released. This release contains critical security fixes.

CHANGES

You can find an exhaustive list of changes on github. Here are some notable excerpts:

4 Security Fixes

Please follow the links to see specific information about each vulnerability, along with individual patches for fixing them.

Please note that these security fixes do not have CVE identifiers. We requested identifiers on August 5th, and have yet to receive a response. When we get identifiers, we’ll update the notices with those values.

Also remember to subscribe to the Ruby on Rails Security mailing list.

ActionPack:

Fixes an issue where cache sweepers with only after filters would have no controller object, it would raise undefined method controller_name for nil [jeroenj]

Ensure status codes are logged when exceptions are raised.

Subclasses of OutputBuffer are respected.

Fixed ActionView::FormOptionsHelper#select with :multiple => false

Avoid extra call to Cache#read in case of a fragment cache hit

ActiveRecord:

Magic encoding comment added to schema.rb files

schema.rb is written as UTF-8 by default.

Ensuring an established connection when running rake db:schema:dump

Association conditions will not clobber join conditions.

Destroying a record will destroy the HABTM record before destroying itself. GH #402.

Make ActiveRecord::Batches#find_each to not return self.

Update table_exists? in PG to always use current search_path or schema if explicitly set.

Why was this release delayed?

You may have noticed this release was originally slated to be released on August 8th. We decided to delay the release in order to obtain CVE identifiers. Unfortunately, identifiers still have not been issued. We felt that getting the security fixes to our users was more important than obtaining CVE values.

That is why our release is late, and contains no CVE identifiers.

THE END

Thanks! <3