Posts by Rafael França

XSS vulnerability on Simple Form

There is an XSS vulnerability in Simple Form’s error options. Versions affected: >= 2.0.0. Not affected: < 2.0.0. Fixed versions: 3.1.0, 3.0.3, 2.1.2. Impact: when Simple Form renders an error message it marks the text as HTML safe, even though it may contain HTML tags. In applications where the error message can be provided …

The new HTML sanitizer in Rails 4.2

The article below was originally written by Kasper Timm Hansen (@kaspth on GitHub and Twitter) about his work during the Google Summer of Code 2013. Kasper and I worked a lot on changing the underlying implementation of the sanitize helper to give Rails developers a more robust, faster and more secure solution for sanitizing user input. This …

Bootstrap 3 support for Simple Form

We just released Simple Form 3.1.0.rc1 with support for Bootstrap 3. To make this possible, we leveled up the Wrapper API to make it more extensible and to allow developers to configure it directly instead of relying on global state. After these improvements, it was very easy to change the Simple Form configuration to work …

XSS vulnerability on Simple Form

There is an XSS vulnerability in Simple Form’s label, hint and error options. Fixed versions: 3.0.1, 2.1.1.

Using Boxen for automating our development setup

Rafael França shows how Plataformatec manages its development setup using Boxen, a tool built on top of Puppet to automate machine setups.

About the composed_of removal

In this post we talk about the motivation for the removal of composed_of in Rails 4.0 and the possible replacements.