There is a XSS vulnerability on Simple Form’s error options. Versions affected: >= 2.0.0 Not affected: < 2.0.0 Fixed versions: 3.1.0, 3.0.3, 2.1.2 Impact When Simple Form renders an error message it marks the text as being HTML safe, even though it may contain HTML tags. In applications where the error message can be provided … »

Carlos Antônio, our first employee, is moving forward after 5 years at Plataformatec. In this blog post, we share a bit about our story, open source projects, and what Carlos is leaving as legacy to us.

Charlie Somerville recently tweeted he wished there was a good guide about maintaining open source software: I wish there was a good guide on maintaining OSS projects. I'm a maintainer of a reasonably popular project and I have NFI what I'm doing. — Charlie Somerville (@charliesome) April 26, 2014 In between consultancy jobs and building … »

Devise 3.0 rc version with Rails 4 compatibility and new 2.2.4 stable version. Simple Form, Responders, Show For and Mail Form versions with Rails 4 compatibility.

Besides the big and shiny features that Rails 4 holds, there’s a lot of small improvements on several other sections of the Rails framework – helpers, core extensions, app configurations and more – that might not even hit the Changelogs but will somehow make our lifes easier in the future. One of these hidden gems … »

When creating an Active Record object, either by using `new` or `create`/`create!`, or even through a `belongs_to` or `has_many` association, you can give a block straight to the method call instead of relying on `tap`. It is possible to avoid doing manual work, sometimes simple stuff such as using `tap` with methods like these, or sometimes more complicated things, by getting to know what a framework like Rails can give us for free.