3-2-dynamic_finder_injection.patch 3-2-null_array_param.patch 3-2-xml_parsing.patch
The changelogs didn't cleanly apply but everything else did. In your Gemfile,
gem 'rails', :git => 'git://github.com/adamonduty/rails', :branch => '3.2.8_with_security_patches'
This will install version 3.2.8a. If you get a bundler error "NoMethodError: undefined method [] for nil:NilClass", try upgrading your rubygems-bundler gem to version 1.1.0.
See https://github.com/adamonduty/rails/tree/3.2.8_with_security... for the commits.
Given the number of changes and known issues in 3.2.9, I don't understand why the core team didn't perform a similar release.
[1] https://groups.google.com/forum/?fromgroups=#!topic/rubyonra...
3-2-dynamic_finder_injection.patch 3-2-null_array_param.patch 3-2-xml_parsing.patch
The changelogs didn't cleanly apply but everything else did. In your Gemfile,
gem 'rails', :git => 'git://github.com/adamonduty/rails', :branch => '3.2.8_with_security_patches'
This will install version 3.2.8a. If you get a bundler error "NoMethodError: undefined method [] for nil:NilClass", try upgrading your rubygems-bundler gem to version 1.1.0.
See https://github.com/adamonduty/rails/tree/3.2.8_with_security... for the commits.
Given the number of changes and known issues in 3.2.9, I don't understand why the core team didn't perform a similar release.
[1] https://groups.google.com/forum/?fromgroups=#!topic/rubyonra...