Security Maintenance Extension of Ruby 1.8.7 and 1

Effective immediately, 1.8.7 and 1.9.2 will be supported for security patches until June 2014.

Terence Lee (@hone02) and Zachary Scott (@_zzak) will assume maintainership. After the 6 month maintenance period, we can add more committers to extend another 6 months.

This maintenance extension is made possible by Heroku, see their blog post A Patch in Time: Securing Ruby for more information.

Reporting issues

During this extended maintenance period we will only apply security patches to the source code repository for 1.8.7 and 1.9.2.

We take security very seriously. If you find a vulnerability, please report it to security@ruby-lang.org immediately. This mailing list is private and reported problems will be published after a fix is released.

Please see ruby-lang.org/en/security for more information.

On Release Management

As I mentioned above, we will only be applying security patches and incrementing the patch level.

We will not be releasing a patched version of 1.8.7 or 1.9.2 to ruby-lang.org. However, you are free to repackage binaries from source.

Reason being, we don’t want any new tickets, as an official release will result in continued responsibility of ruby-core to follow up on maintenance. Our team resources are already low, and we want to encourage upgrades, not support outdated versions.

Why resurrect 1.8.7?

You may remember an announcement approximately 6 months ago that sunset 1.8.7.

While ruby-core will no longer resume maintenance of 1.8.7 or 1.9.2, Terence and Zachary will support these versions for security maintenance as part of a corporate sponsorship.

In the past we have supported vendors who wish to maintain legacy versions. In 2009 the maintenance of Ruby 1.8.6 was transferred to Engine Yard when they released 1.8.6-p369.

Words of encouragement

We would like to take this chance to strongly encourage you to upgrade to a supported version of Ruby as soon as possible. Many ruby-core members have put countless hours into improving the performance and features of Ruby in 2.0+ and we wish you would take advantage of it.

Thank you for your continued support and let's keep making Ruby better!

Posted by zzak on 17 Dec 2013
