After a few years of service, old versions of the Ruby on Rails framework reach end-of-life. At this point the volunteer team that maintains Rails will no longer provide security patches against criticial security incidents.
When community support for a popular version of Rails ends, Rails LTS takes over maintenance and continues to provide security patches. When a new advisory is posted to the official Rails security list, we will patch the vulnerability and release a new version of the Rails LTS gems.
We are makandra, a team of veteran Rails developers and operations engineers.
makandra is responsible for maintaining around 50 Rails applications, some of which are as old as 2007. In order to shield our customers from exploits, we've been maintaining private forks of older Rails versions for many years. These forks eventually became Rails LTS.