Ruby 1.8.7 and Rails 2.x Are Both Now Retired

Chris Oliver

June 30, 2013

It's been a fantastic run for older versions of Ruby and Rails. I'm sure we all have lots of great memories with them, nice walks at the park, riding bicycles together, bowling, etc. But unfortunately it's time for us to say our goodbyes.

Neither of these will be supported from now on. That means that, unfortunately, any security vulnerabilities disclosed for these will go unpatched unless you make changes to your application. As fair warning, you will get hacked if you continue running these publicly in production. People have been automating security exploits for a very long time and these are no different.

If you do need to continue using Rails 2.3, you can seamlessly switch over to Rails LTS (http://railslts.com), which provides long-term support by patching older Rails versions for newly discovered vulnerabilities. If your application still runs on 2.3, make sure you upgrade; it's even free if you wait a few days for the patches. If you're making any money with your application, make sure you pay for the premium version of Rails LTS so that you can get the patches immediately. Hopefully someone will do the same with Ruby 1.8.7.

So while it's usually painful to port your application to a new version of Ruby or Rails, it's well worth the investment, so don't wait too long. When your application is built upon a large framework, there are bound to be issues lying in wait, and you don't want those to come back to bite you later on down the road. Do your best to keep up and give back to the community to keep it going forward.
