Rails 2.0.4: Maintenance release
Posted by David September 03, 2008 @ 09:43 AM
Thanks to Git it’s been a lot easier to maintain older branches of the code base, so we’ve taken the opportunity to backport a bunch of bug fixes to the 2.0 branch and here’s the release for that.
The only major issue is that we’ve fixed the REXML DoS vulnerability with a monkey patch that ships in the box. So if you’re on 2.0 and haven’t dealt with the issue already, you can upgrade to 2.0.4 and get it fixed.
You can install with: gem install rails --version 2.0.4
UPDATE: The actual 2.0.4 gem didn’t get published yesterday due to a bug in the release script. It’s been fixed and 2.0.4 is actually available on the main gem repository. Sorry about that!
Good Job
Posted at 09:43 AM. Wasn’t I listening to your keynote then, or are you really a Ruby God who can give a keynote speech AND post a new Ruby on Rails release at the same time?
But, without the joking, great job! I can’t wait for 2.2 to come out, though.
This is great. I’ve been using REXML for a project and I recently heard about the DoS vulnerability. I wasn’t really concerned so I haven’t done anything about it yet… but this handles that problem for me anyway.
Thanks.
There are some “Ruby 1.9 compatibility” changes logs, does anyone know how comaptible with Ruby 1.9 Rails are atm? Is it stable enough to say deploy internal projects on it?
Will the non-gem source bundle be available for download at rubyforge? Right now the latest .tar.gz is 2.0.3
Why not having included this patch http://rails.lighthouseapp.com/projects/8994/tickets/788-saving-only-changed-attributes-hurts-serialization-2 ? This behavior breaks pre-2.1 applications !!!
Tomasz, you can run Rails 2.1 and later on Ruby 1.9. I still have occasional segfaults, so I wouldn’t call it stable. With some form of process supervision, though, you could pull it off.
Mark, not sure what’s up with the tarball but will investigate.
Jerome, partial updates were introduced in 2.1 so the ticket isn’t relevant to 2.0.x.
i didn’t succeed to install 2.0.4 via gems. Where did it go?
I assume Rails 2.1.1 addresses same issues for Rails 2.1?
Doing a `gem install rails—version 2.0.4` complains about the activerecord 2.0.4 gem not being available. I tried to install in manually and got the same error. The same is valid for activeresource 2.0.4. The other gems are there.
sprtuezlylvsdewwxsuvrlsnpobals
Same error as above:
$ sudo gem install rails—version 2.0.4 ERROR: Error installing rails: rails requires activerecord (= 2.0.4, runtime)
if trying to install activerecord 2.0.4 manually.
$ sudo gem install activerecord—version 2.0.4 ERROR: could not find gem activerecord locally or in a repository
gem install rails -v=2.0.4 ERROR: Error installing rails: rails requires activerecord (= 2.0.4, runtime)
same problem again :-( it has already been ok couple days ago
Have this maintainence release made through to
http://dev.rubyonrails.org/svn/rails/branches/2-0-stable/
Stable seems to be at RAILS 2.0.2
Is SVN stable branch supported anymore?