Ruby on Rails
| Upstream URL | Security Risk | Abandonment Risk |
|---|---|---|
| https://rubyonrails.org/ | High | Very Low |
External contacts
The Ruby on Rails team is reachable via their public GitHub issue tracker. Additionally, a Discourse instance and an official Stack Overflow tag are both available for non-security related issues. Security issues are reported via HackerOne.
Security posture
The Rails framework is the underpinning of RR and therefore is a critical dependency for the security of RR.
Abandonment risk
The Ruby on Rails project is maintained by the corporation that started it and uses it, to this day, in their products. It is very unlikely to be abandoned.
Versioning policy
Presently, RR uses Rails 8.0. Future updates will track a semi-yearly cadence.