Rails 3.2.3 has been released

Apr 5, 2012

This release offers some cool updates. It's clear that everybody is concerned about what happened at GitHub a while back, when someone managed to access everybodys ssh keys by using mass-assignment to change his permission. So it's nice to see that the Rails community is addressing this. I really like that the auto-generated ActiveRecord models have been updated to show the importance of attr_accessible. Since a lot of people who are using rails can be fairly new to developing. For some it might even be the first thing the try. So unless they understand the risks, they might end up with an application with some serious security risks.

Another thing that I liked was the added function find_or_create_by_#{attribute}! to ActiveRecord, but that is mainly because I recently was looking for that exact function.

Further more, I'll take a look at the new options for remote-forms what with the changes to authenticity token and all.

Full release notes can be found here