Thursday, May 3, 2012

RUBY ON RAILS 3.2 AND 3.2.3

For Web development and web application development, increasingly open source software is used along with impressive user interface for rapid development of business applications. The performance level of Ruby on Rails has reached higher norms. Ruby on Rails is a fully developed web framework that allows a programmer to create a fully functional application on a single program. A Ruby on Rails Development Company provides services including:
 
           Ruby on Rails Installation
           Ruby on Rails technology solutions
           Ruby on Rails Upgrades
           Complete Ruby on Rails application deployment
           Ruby on Rails CMS (Rails Content Management System)
           Ruby on Rails Customization to business needs
           Ruby on Rails Maintenance
           Ruby on Rails Consultation
           Performance tuning and scaling
 
            Every ruby on rails developer wants to speed up the development process and reduce the errors. Rails provide a fast and easy development environment with quality results. With Ruby programming language, ruby on rails programmer need to write fewer lines of code compared to other programming languages to reach the same result. 
 
January 20, 2012, Rails 3.2 was released. The major improvements were the speed of resolving routes was improved. A rail 3.2 deprecates plugins which Rails 4.0 will remove them completely. Rails 3.2.3 was released March 31, 2012 with improved protection from mass assignment vulnerabilities.
 
For the ease of development, Rails 3.2.3 had allowed any field to be set in a mass assignment action in a database record and then left it to the developer to lock down the application. The change in Rails 3.2.3 now forces developers to white list fields for mass assignment by flipping the config.active_record. Whitelist_attributes property to true by default. This change affects new applications and ruby on rails developers must make sure their existing Rails applications for mass assignment vulnerabilities or to set the config.active_record.whitelist_attributes property to true in their applications.
 
There is another option featured in 3.2.3 release, it is to change to how authenticity_tokens are handled when doing remote forms, and an update to rack-cache while fixing a cookie leak. Other changes include a find_or_create_by_{attribute} dynamic method added, attribute_present fixed to return false for empty strings, a number of corrected regressions and other bug fixes – details of which can be found in the announcement and in the comparison between 3.2.2 and 3.2.3. Rails can be updated using "gem install rails" at the command line. The web application framework Ruby on Rails has been updated to fix two important security issues and several other bugs.
 
The two cross-site scripting issues that were fixed allow attackers to take advantage of improperly sanitized options tag fields and direct manipulation of a safe buffer to execute arbitrary HTML in the browser of users visiting a Rails site. The Rails 3.2.2 update also includes fixes which ensure log files are always flushed and that failing tests will exit with non-zero status codes. It also removes calls to some deprecated methods and includes various Ruby 2.0 compatibility fixes.

0 comments:

Post a Comment