Rails version 3.2.7 has been released

Rails version 3.2.7 has been released(weblog.rubyonrails.org)

56 points by jtsagata 13 years ago | 20 comments

tenderlove 13 years ago |

Crap. I keep forgetting to submit these announcements to hacker news. I'm saving up my HN points to get a commemorative pin! ;)

If you have questions about the release, or the security issue, fire away. :-)

film42 13 years ago |

Is it just me or does it seem like everyone's stack is moving away from Rails? I mean, it's a great solution to many problems, I just feel that there's a lot more platforms that offer you even better customization and leave a far smaller footprint.

aaronblohowiak 13 years ago | |

It is going through the "small, cohesive" -> "full-featured!" -> "bloated" -> "modular" -> "too many abstractions" cycle.. in terms of overall adoption, I'm not sure. Many people like having all the "hard" problems solved for them.

People tend to talk about what's new and shiny because there is greater social reward for being the advocate of something new/better than there is to say "what we have is good enough and so I like using it!"

slurgfest 13 years ago | | |

Orthodoxy has greater social reward when everyone around you is orthodox...

jph 13 years ago | |

It's just you. :) In seriousness, many of the newer stacks (e.g. Meteor) offer fast ways to get started then you realize you need functionality such as authentication, authorization, server-side validations, migrations, queues, caches, API connections to other sites to retrieve data, etc. When you add all that in, you're essentially rolling your own large framework of pieces.

tptacek 13 years ago | |

Definitely what we need in a thread about a security issue in a hugely popular web stack is a language war.

dschobel 13 years ago | | |

"MRI scares the bejeezus out of me" - you, an hour ago

I think asking about alternatives is fair game.

true_religion 13 years ago | |

Nope, its just that other things are being hyped apart from rails.

aaronblohowiak 13 years ago |

Don't call to_sym on untrusted input!

tptacek 13 years ago | |

Oh wow. rb_intern() is a mess.

tenderlove 13 years ago | | |

Actually, I find it easy to read compared to some other functions in MRI. The trick is that it keeps the symbol in a global table (that never gets reaped).

aaronblohowiak 13 years ago | | |

is the badness in st_lookup or rb_enc_str_new ? I haven't traced the execution deep enough to see where things go south...

hekker 13 years ago | |

Why not? Can anybody explain why this is unsafe?