LOUD SIGHING.

github.com/rails/rails/issues/

Arbitrarily changing the maintenance policy, during the week where Rails has had its HIGHEST NUMBER OF CONTRIBUTORS feels incredibly petty and reactionary.

There was a contract here that 6.1 would receive all security updates, now it’s only critical ones. Some security rules don’t give a fuck if the updates are critical or not — you MUST patch the systems.

1
Share
Share on Mastodon
Share on Twitter
Share on Facebook
Share on Linkedin
Ryan Bigg

Rafael from Rails Core has amended this now, and the CVE isn't applicable to Rails 6.1. There'll be a grace period for Rails 6.1apps. see the issue for more details.

1
9mo
Replies