More than 20 non-security related bugs were also resolved

Nov 18, 2011 08:29 GMT

The latest release of the open source web application framework comes with several improvements, among them a critical security patch that fixes an XSS vulnerability.

Rails 3.1.2 is no longer susceptible to a cross-site scripting attack that was possible due to a weakness in the translate helper method.

“When using interpolation in combination with HTML-safe translations, the interpolated input would not get HTML escaped,” reads the issue's description.
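The flaw described above, modelled in plain Ruby as an added example (this is not Rails' own code). The catalogue, the `%{name}` placeholder and the names `translate_vulnerable` and `translate_fixed` are hypothetical; the `_html` key suffix follows the Rails convention for marking a translation as HTML-safe.

```ruby
require "erb"

# Constructed sample catalogue. A key ending in "_html" holds trusted markup
# and is emitted without escaping; any other key is escaped as a whole.
TRANSLATIONS = {
  "welcome_html" => "<b>Welcome, %{name}!</b>",
  "welcome"      => "Welcome, %{name}!"
}.freeze

def html_safe_key?(key)
  key.end_with?("_html") || key == "html"
end

# Minimal %{placeholder} interpolation, standing in for the I18n backend.
def interpolate(template, values)
  template.gsub(/%\{(\w+)\}/) { values.fetch($1.to_sym).to_s }
end

# Model of the behaviour before the fix: for an HTML-safe key the interpolated
# result is trusted as a whole, so user-supplied values reach the page raw.
def translate_vulnerable(key, values = {})
  text = interpolate(TRANSLATIONS.fetch(key), values)
  html_safe_key?(key) ? text : ERB::Util.html_escape(text)
end

# Model of the corrected behaviour: for an HTML-safe key, escape every
# interpolated value first, then interpolate. The translation's own markup
# survives; markup inside the values does not.
def translate_fixed(key, values = {})
  template = TRANSLATIONS.fetch(key)
  return ERB::Util.html_escape(interpolate(template, values)) unless html_safe_key?(key)

  escaped = values.transform_values { |v| ERB::Util.html_escape(v.to_s) }
  interpolate(template, escaped)
end

if __FILE__ == $PROGRAM_NAME
  user_input = "<script>alert(1)</script>" # constructed untrusted input
  puts translate_vulnerable("welcome_html", name: user_input)
  puts translate_fixed("welcome_html", name: user_input)
end
```

In an application, the same check is to look for `_html` translation keys whose interpolation arguments come from request parameters or stored user content.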

Among the non-security fixes, the error raised when an object can't be unmarshalled from a session is now swallowed, and a workaround was implemented for a bug that caused an error when converting a template from one encoding to another. 20 other problems were also patched.

Sergey Nartimov is responsible for resolving the XSS issue; other large contributions came from Jon Leighton.

Ruby on Rails 3.1.2 / 2.3.14 is available for download here.