--I3tAPq1Rm2pUxvsp
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Good news everyone!  Rails version 3.2.4 has been released.

This release of Rails contains two important security fixes:

  * CVE-2012-2660 Ruby on Rails Active Record Unsafe Query Generation Risk
  * CVE-2012-2661 Ruby on Rails Active Record SQL Injection Vulnerability

It is suggested that all users upgrade immediately.  For more information a=
bout
these issues, please see the annoumcenents on the rubyonrails-security
mailing list:

  https://groups.google.com/group/rubyonrails-security

Specifically these announcements:

  https://groups.google.com/group/rubyonrails-security/browse_thread/thread=
/f1203e3376acec0f
  https://groups.google.com/group/rubyonrails-security/browse_thread/thread=
/7546a238e1962f59

Other changes for this release can be found in each component's CHANGELOG:

  https://github.com/rails/rails/blob/3-2-stable/actionmailer/CHANGELOG.md
  https://github.com/rails/rails/blob/3-2-stable/actionpack/CHANGELOG.md
  https://github.com/rails/rails/blob/3-2-stable/activemodel/CHANGELOG.md
  https://github.com/rails/rails/blob/3-2-stable/activerecord/CHANGELOG.md
  https://github.com/rails/rails/blob/3-2-stable/activesupport/CHANGELOG.md
  https://github.com/rails/rails/blob/3-2-stable/railties/CHANGELOG.md

All changes can be found here:

  https://github.com/rails/rails/compare/v3.2.3...v3.2.4

I want to give a special thanks to Ben Murphy for responsibly reporting the=
 two
security issues that are fixed in this release.  Thank you very much!

<3<3<3

--=20
Aaron Patterson
http://tenderlovemaking.com/

--I3tAPq1Rm2pUxvsp
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (Darwin)

iQEcBAEBAgAGBQJPx7pcAAoJEJUxcLy0/6/Gf8gH/1fepwqMXzZh+ab4salkbbmm
hXE9yxXlYJO9jiMf8k/Iu5012tCmiNFLIJLtrbgpvOAYXjDITE318Cidis5AMl5B
z0rTnuXASwdFptIlbB5s8pT0UGtiVOM1uCeQhIxenTrfgcYvrNwmD8ABnKzt7gwW
kqXpUrbzRjtEsfAbQX49n0FX6Jy5aZ5DfxVqZA1Q+ixa/GpFOvcCSyzgZ7ccVuZg
OaBIBKEzyEsWtdSfp4KcutOxs2DPfEEHYHVdj//vkCdXYlV6naxIlBAqGZlOPFih
mFBH5+RI/VoP8ROLLJhf9annTotEhNMRvRof5xcXDq163b5sLQdVQOb72jBg9jw=
=cIdE
-----END PGP SIGNATURE-----

--I3tAPq1Rm2pUxvsp--

Good news everyone!  Rails version 3.2.4 has been released.

This release of Rails contains two important security fixes:

  * CVE-2012-2660 Ruby on Rails Active Record Unsafe Query Generation Risk
  * CVE-2012-2661 Ruby on Rails Active Record SQL Injection Vulnerability

It is suggested that all users upgrade immediately.  For more information a=
bout
these issues, please see the annoumcenents on the rubyonrails-security
mailing list:

  https://groups.google.com/group/rubyonrails-security

Specifically these announcements:

  https://groups.google.com/group/rubyonrails-security/browse_thread/thread=
/f1203e3376acec0f
  https://groups.google.com/group/rubyonrails-security/browse_thread/thread=
/7546a238e1962f59

Other changes for this release can be found in each component's CHANGELOG:

  https://github.com/rails/rails/blob/3-2-stable/actionmailer/CHANGELOG.md
  https://github.com/rails/rails/blob/3-2-stable/actionpack/CHANGELOG.md
  https://github.com/rails/rails/blob/3-2-stable/activemodel/CHANGELOG.md
  https://github.com/rails/rails/blob/3-2-stable/activerecord/CHANGELOG.md
  https://github.com/rails/rails/blob/3-2-stable/activesupport/CHANGELOG.md
  https://github.com/rails/rails/blob/3-2-stable/railties/CHANGELOG.md

All changes can be found here:

  https://github.com/rails/rails/compare/v3.2.3...v3.2.4

I want to give a special thanks to Ben Murphy for responsibly reporting the=
 two
security issues that are fixed in this release.  Thank you very much!

<3<3<3

--=20
Aaron Patterson
http://tenderlovemaking.com/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (Darwin)

iQEcBAEBAgAGBQJPx7pcAAoJEJUxcLy0/6/Gf8gH/1fepwqMXzZh+ab4salkbbmm
hXE9yxXlYJO9jiMf8k/Iu5012tCmiNFLIJLtrbgpvOAYXjDITE318Cidis5AMl5B
z0rTnuXASwdFptIlbB5s8pT0UGtiVOM1uCeQhIxenTrfgcYvrNwmD8ABnKzt7gwW
kqXpUrbzRjtEsfAbQX49n0FX6Jy5aZ5DfxVqZA1Q+ixa/GpFOvcCSyzgZ7ccVuZg
OaBIBKEzyEsWtdSfp4KcutOxs2DPfEEHYHVdj//vkCdXYlV6naxIlBAqGZlOPFih
mFBH5+RI/VoP8ROLLJhf9annTotEhNMRvRof5xcXDq163b5sLQdVQOb72jBg9jw=
=cIdE
-----END PGP SIGNATURE-----