How To: Update Ruby On Rails (to Fix a Security Vulnerability)

Ruby on Rails has of this writing released patches for a critical security vulnerability affecting nearly all versions of Rails. It is critical that your Rails applications be updated to one of the following versions:

• 3.2.11
• 3.1.10
• 3.0.10
• 2.3.15

If you have a cPanel server, make sure you have cPanel’s daily updates running. cPanel versions 11.35.0.4, 11.34.1.7, 11.32.5.18, and 11.30.7.6 include the updated versions of Rails. If you are running Rails on a core-managed server, you will need to update Rails yourself. Here’s how.

Updating With Bundler

If you’ve installed Rails using bundler and RubyGems, make sure you have the latest version in your Gemfile:

# rails '3.2.11'

Then run:

# bundle update rails

You will have to restart your application for the new Rails version to take effect.

Updating with Just RubyGems

If you are not using bundler, you can simply use RubyGems to update rails:

# gem update rails

Note that this will update Rails to the most recent version. If you wish to run one of the other patched versions, you will need to specify it like so:

# gem install rails -v 2.3.15

Again, your application will have to be restarted in order for the updates to take effect.