Rails 2.3.x Release Notes
4 versions
Changelog and Release Notes for the NES version of Rails 2.3
March 2026
2.3.18.61
Released Mar 24, 2026
Bug Fixes
Action View
- CVE-2026-33168 — Fix possible XSS in tag helper.
Active Support
- CVE-2026-33176 — Fix possible DoS.
- CVE-2026-33169 — Fix possible ReDoS.
August 2025
2.3.18.60
Released Aug 20, 2025
Bug Fixes
Active Record
- CVE-2025-55193 - Call inspect on ids in RecordNotFound error.
Active Storage
- CVE-2025-24293 - Remove dangerous transformations.
February 2025
2.3.18.58
Released Feb 10, 2025
Notes
- This is the initial release of Never-Ending Support (NES) for Rails v2.3.x.
Bug Fixes
Action Mailer
- CVE-2024-47889 – Avoid regex backtracking in block_format helper.
Action Pack
- CVE-2023-28362 – Raise an exception if illegal characters are provided to redirect_to.
- CVE-2021-22885 – Fixed an information disclosure and unintended method execution vulnerability in Action Pack.
- CVE-2020-8159 - Arbitrary file write/potential remote code execution attack.
- CVE-2016-0751 – Fixed a denial-of-service (DoS) vulnerability caused by a crafted HTTP Accept header.
Active Record
- CVE-2022-44566 – Fixed a denial-of-service (DoS) vulnerability in Active Record's PostgreSQL adapter.
- CVE-2022-32224 – Fixed a remote code execution (RCE) vulnerability with serialized columns in Active Record.
- CVE-2014-3482 – Fixed a SQL injection vulnerability in Active Record.
Active Resource
- CVE-2020-8151 – Fixed an information disclosure issue in Active Resource.
Active Support
- CVE-2015-3227 - Fixed a denial-of-service (DoS) vulnerability in Active Support via large XML document depth.