HeroDevs

Visit Rails NES Home Page

Rails 7.2.x Release Notes

2 versions

Changelog and Release Notes for the NES version of Rails 7.2

Mar 24, 2026

Latest: 7.2.3.1

116 Patched Vulnerabilities

March 2026

7.2.3.1

Released Mar 24, 2026

4 More

Notes

This release contains no functional change from the OSS Rails v7.2.3.1.

Security Fixes

Action View

CVE-2026-33168 — Fix possible XSS vulnerability in tag helpers.

Active Storage

CVE-2026-33658 - Fix possible DoS vulnerability in proxy mode via multi-range requests.
CVE-2026-33202 — Fix possible glob injection in DiskService.
CVE-2026-33195 — Fix possible path traversal in DiskService.
CVE-2026-33174 - Fix possible DoS vulnerability in proxy mode via Range requests.
CVE-2026-33173 — Fix insufficient filtering of metadata in direct uploads.

Active Support

CVE-2026-33176 — Fix possible DoS vulnerability in number helpers.
CVE-2026-33170 — Fix possible XSS vulnerability in SafeBuffer#%.
CVE-2026-33169 — Fix possible ReDoS vulnerability in number_to_delimited.

7.2.3

Released Mar 4, 2026

Notes

This is the initial release of Never-Ending Support (NES) for Rails v7.2.x.
This release contains no functional change from the OSS Rails v7.2.3.

Stay in the loop

~/herodevs-spring-framework-support

Open Source Support

When official support ends, we're just getting started.

New releases published regularly — check back often for the latest security updates

$ cat features.txt

Security Patches
Regular updates to keep your applications secure
CVE Remediation
Rapid response to critical vulnerabilities
Expert Support
Direct access to our development team