Ruby on Rails
| Upstream URL | Security Risk | Abandonment Risk |
|---|---|---|
| https://rubyonrails.org/ | High | Very Low |
External contacts
The Ruby on Rails team is reachable via their public GitHub issue tracker. Additionally, a Discourse instance and an official Stack Overflow tag are both available for non-security related issues. Security issues are reported via HackerOne.
Security posture
The Rails framework is the underpinning of MoR and therefore is a critical dependency for the security of MoR.
Abandonment risk
The Ruby on Rails project is maintained by the corporation that started it and uses it, to this day, in their products. It is very unlikely to be abandoned.
Versioning policy
Presently, MoR uses Rails 7.1, matching the version of Rails in use for the Website project. Both MoR and Website are planned to update to 7.2 in Q2 2025, which is before the 7.1 EoL date of October 2025.
Rails 7.2 will EoL in August 2026. We plan to evaluate Rails 8 by the end of Q4 2025. Future updates will track a yearly cadence.