Rails 3.2.3 has been released
Apr 5, 2012 - Daniel Viklund
This release offers some cool updates. It’s clear that everybody is concerned about what happened at GitHub a while back, when someone managed to access everybodys ssh keys by using mass-assignment to change his permission. So it’s nice to see that the Rails community is addressing this. I really like that the auto-generated ActiveRecord models have been updated to show the importance of attr_accessible. Since a lot of people who are using rails can be fairly new to developing. For some it might even be the first thing the try. So unless they understand the risks, they might end up with an application with some serious security risks.