On Wednesday, June 3, 2015 at 11:11:41 PM UTC+1, Elizabeth McGurty wrote:
>
> I have built an application.  My shared web server is with DreamHost.
> The permitted Rails version is 3.0.3, and permitted Ruby version is 1.8.7.  
>
> With this information, when I recently announced here that I had made some 
> progress in better utilizing table associations, a member here, Colin Law, 
> responded:
>
> "Rails 3.0 is long obsolete and, I believe, no longer receives even 
> security updates, it should not be used for production applications."
>
> What are the facts here?   Are none of you using Rails 3.x?
>
>
You've had some answers about Rails, but Ruby 1.8.7 is also no longer 
receiving security updates from the Ruby core team (some Linux 
distributions are backporting security fixes).

Even if you are stuck on Rails 3.0.x, you really don't want to use 3.0.3 - 
the last in that series was 3.0.20 - you're missing out on nearly 2.5 years 
of bug fixes & security fixes, such as

https://groups.google.com/forum/#!topic/rubyonrails-security/61bkgvnSGTQ
https://groups.google.com/forum/#!topic/rubyonrails-security/DCNTNp_qjFM
https://groups.google.com/forum/#!topic/rubyonrails-security/l4L0TEVAz1k

You are almost certainly vulnerable to remote code execution, SQL injection, 
etc.

Fred
