On Thu, Feb 14, 2013 at 10:44:49AM -0500, John Eckersberg wrote: > We're still running on the 3.2.12-ish stack that I put in after the > first round of security holes came through. There's been several more > rounds and probably more to come, so we need to keep pulling in updates. > I just took a brief stab at updating to 3.2.12 proper, and a bunch of > tests exploded as usual. I don't have time at the moment to bang on it > myself, so if anybody wants to jump on it, you can be a hero.
So it looks like a continuation of https://github.com/rails/rails/pull/8895#issuecomment-12156101 It turns out that 3.2.12 was a security-only release, so it was just 3.2.11 plus the CVE fixes -- keeping this HABTM bug that was in 3.2.11. (See https://github.com/plataformatec/simple_form/issues/735#issuecomment-13448672 ) I'll poke around and see if we can just advance the commit we're using now, to include the security fixes. -- Matt
