Rails 188.8.131.52 and 184.108.40.206 have been released!
These two releases contain only security fix that was already released as 4.0.12 and 4.1.8.
You can read more about the issue here (CVE-2014-7829).
4.0.12 and 4.1.8 were inadvertently based on their respective stable branches, and so incorporated
additional changes beyond those necessary to resolve the security issue. In keeping with our security
policy, it is our intention to include only the minimum necessary changes in security releases, to
ensure everyone can upgrade without fear of regressions. As those releases included unrelated changes,
we are providing new releases, based on the previous release, which contain only the security fix
If you have already successfully upgraded to 4.0.12 or 4.1.8, no further action is required.
Otherwise, if you are still on 4.0.11 or 4.1.7, please do upgrade to 220.127.116.11 or 18.104.22.168 at your
The 3.2.21 release did incorporate a second change, but that change was intended: by policy, minor
security-relevant bugs (which do not independently warrant a security release) are occasionally
backported to 3-2-stable, and rolled into a subsequent security release.
The commits for 22.214.171.124 can be found here,
and the commits for 126.96.36.199 can be found here.
Here are the checksums for 188.8.131.52:
$ shasum *184.108.40.206*
Here are the checksums for 220.127.116.11:
$ shasum *18.104.22.168*