[bensedat]

Looks like the Rails 3.2 update drags along a few other unrelated changes, although they appear to be fairly minor: https://github.com/rails/rails/compare/v3.2.18...v3.2.19

as compared to: https://github.com/rails/rails/compare/v4.1.2...v4.1.3 and https://github.com/rails/rails/compare/v4.0.6...v4.0.7

[thibaut_barrere]

I use this now to make sure I review before updating:

https://gist.github.com/thbar/7dc97d3f5f6a52e4fa00

(obviously not to be used in a CI environment).

Also, if you want to make sure you get push notification for security updates, check out this:

http://thibautbarrere.com/how-to-get-push-notifications-for-...

(I get only critical stuff as pushes, and get notified even in the rare case that the rails security email goes to spam as it happened once previously).

[bensedat]

If you're applying a patch manually to Rails 4.0/4.1, there was a regression and new versions have been issued: https://groups.google.com/forum/#!topic/rubyonrails-security...

[jerhinesmith]

You'd have thought they'd stop doing that after the Github email embarrassment:

https://github.com/blog/1440-github-enterprise-email-inciden...