Today we released RhoConnect 3.4.3. This version picks up an important security patch that was added to rack, a third-party dependency we use.
RhoConnect 3.4.3 locks the minimum required version of rack to 1.5.2, which addresses the following security advisories: CVE-2013-0263 and CVE-2013-0262. More information about these issues is available on the rack group. You should upgrade to RhoConnect 3.4.3 as soon as possible, or upgrade your rack version to 1.5.2 manually.
Other fixes included in this release:
* `rhoconnect spec` command now works in production mode
* locked connection_pool gem version to 0.9.2 since 0.9.3 is not compatible with Ruby 1.8.7
Installation (gem only):
$ gem install rhoconnect
1. Upgrade your application to 3.4.x if you haven't already:
2. Change rhoconnect gem version to "3.4.3" in your app's Gemfile
3. Run "bundle install" to install rhoconnect
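To confirm that the upgrade actually took effect, the following added example (not part of the RhoConnect project) checks an app's `Gemfile.lock` for the minimum versions named above. It assumes a standard Bundler lockfile; `SAMPLE_LOCK`, `locked_versions` and `audit_lockfile` are hypothetical names, and the sample lockfile is constructed.

```ruby
require 'rubygems'

# Minimum versions taken from the release notes above.
REQUIRED = {
  'rhoconnect' => Gem::Requirement.new('>= 3.4.3'),
  'rack'       => Gem::Requirement.new('>= 1.5.2')
}

# Constructed sample: an app that has not been upgraded yet.
SAMPLE_LOCK = <<-EOS
GEM
  remote: https://rubygems.org/
  specs:
    connection_pool (0.9.2)
    rack (1.4.5)
    rhoconnect (3.4.2)
      rack (~> 1.4)
EOS

# Resolved gems sit at exactly four spaces of indent as "name (version)".
# Dependency constraints are indented six spaces and are skipped.
def locked_versions(lockfile_text)
  versions = {}
  lockfile_text.each_line do |line|
    versions[$1] = $2 if line =~ /\A {4}([A-Za-z0-9_.\-]+) \(([^)\s]+)\)\s*\z/
  end
  versions
end

# Returns a list of problems; an empty list means the lockfile is fine.
def audit_lockfile(lockfile_text)
  locked = locked_versions(lockfile_text)
  problems = []
  REQUIRED.each do |name, requirement|
    version = locked[name]
    if version.nil?
      problems << "#{name}: not found in lockfile"
    elsif !requirement.satisfied_by?(Gem::Version.new(version))
      problems << "#{name}: locked at #{version}, need #{requirement}"
    end
  end
  problems
end

if __FILE__ == $0
  # Pass a path to audit a real lockfile; with no argument the sample is used.
  problems = audit_lockfile(ARGV[0] ? File.read(ARGV[0]) : SAMPLE_LOCK)
  puts(problems.empty? ? 'OK' : problems)
  exit(1) if ARGV[0] && !problems.empty?
end
```

Run it with the path to your app's `Gemfile.lock`; a non-zero exit status means one of the two gems is still below the required version.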
Installation (Linux rpm/deb packages):