Vote #74070
完了Drop Ruby 1.8.7 support
0%
説明
Ruby 1.8.7 retired on the end of June 2013.
http://www.ruby-lang.org/en/news/2013/06/30/we-retire-1-8-7/
journals
A prominent mention on the frontpage would IMHO be a good idea, too... if we had the banner plugin here on redmine.org I'd use that...
Made a sticky post: message#38518
--------------------------------------------------------------------------------
This could be tied to Rails 4 switch.
--------------------------------------------------------------------------------
Etienne Massip wrote:
> This could be tied to Rails 4 switch.
No. Ruby team won't release security fix for Ruby 1.8.7.
--------------------------------------------------------------------------------
Ruby 1.9.2 is not maintained any longer.
http://www.ruby-lang.org/en/news/2013/06/27/hostname-check-bypassing-vulnerability-in-openssl-client-cve-2013-4073/
https://twitter.com/steveklabnik/status/350521242081697792
https://twitter.com/fceller/status/350521245462298624
--------------------------------------------------------------------------------
Toshi MARUYAMA wrote:
> No. Ruby team won't release security fix for Ruby 1.8.7.
Some distros are going to provide security fixes for quite some time (ex: Ubuntu will do till April 2017).
--------------------------------------------------------------------------------
Simon Deziel wrote:
> Some distros are going to provide security fixes for quite some time (ex: Ubuntu will do till April 2017).
Updated message#38518 accordingly.
Link?
--------------------------------------------------------------------------------
Toshi MARUYAMA wrote:
> Etienne Massip wrote:
> > This could be tied to Rails 4 switch.
>
> No. Ruby team won't release security fix for Ruby 1.8.7.
I think you don't get me.
Redmine 2.x should still support 1.8.7 language and run fine on latest MRI. I've added a note in [[RedmineInstall]] to discourage its use for new setups, but people should be able to update their Redmine instance to the latest release without reinstalling the full stack.
Rails 4.0 is out and has dropped support for 1.8.7.
-> Redmine could drop 1.8.7 support when switching to Rails 4.0, whenever it will be.
--------------------------------------------------------------------------------
Jan Niggemann wrote:
> Simon Deziel wrote:
> > Some distros are going to provide security fixes for quite some time (ex: Ubuntu will do till April 2017).
> Updated message#38518 accordingly.
> Link?
I don't have any link for this specifically but LTS versions of Ubuntu include security fixes for 5 years for all packages part of the "main" repository (maintained by Canonical). The current LTS version was released in April 2012 and shipped with ruby 1.8.7 so this package will be maintained with security fixes till April 2017.
Note that this same LTS version also ships ruby 1.9.3 (http://packages.ubuntu.com/precise/ruby1.9.1, which is truely 1.9.3 despite the name/version) and this version too is maintained for 5 years.
--------------------------------------------------------------------------------
Jan Niggemann wrote:
> Simon Deziel wrote:
> > Some distros are going to provide security fixes for quite some time (ex: Ubuntu will do till April 2017).
> Updated message#38518 accordingly.
> Link?
Ubuntu just issued a security fix for ruby 1.8.7 and 1.9.3: http://www.ubuntu.com/usn/usn-1902-1/
--------------------------------------------------------------------------------
"Security Maintenance Extension of Ruby 1.8.7 and 1.9.2":https://www.ruby-lang.org/en/news/2013/12/17/maintenance-of-1-8-7-and-1-9-2/
> Effective immediately, 1.8.7 and 1.9.2 will be supported for security patches until June 2014.
--------------------------------------------------------------------------------
"Extended maintenance of Ruby versions 1.8.7 and 1.9.2 will end on July 31, 2014."
https://www.ruby-lang.org/en/news/2014/07/01/eol-for-1-8-7-and-1-9-2/
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Now that trunk runs with Rails 4.1, ruby >= 1.9.3 is required.
--------------------------------------------------------------------------------
related_issues
relates,Closed,14534,Upgrade to Rails 4.2