by bradleyland 4822 days ago
I disagree that it's simpler to regression test your own app. The recent minor-minor version upgrade passed Rails core tests, as well as test suites at high-profile Rails users, yet it contained a regression that caused the disclosure of some sensitive issues at those same high-profile shops.

It's easier, from my viewpoint, to stick it out at a release that you know works for you, applying patches from the files contained in the CVEs. There's still a chance that the security patch will cause a regression, but at least you're not pulling in all the interim commits.