Rails Long Term Support

Rails LTS is a commercially supported fork of Rails 2.3 (and soon Rails 3.2) that continues to receive security patches now that official support has ended.
A service provided by
makandra
Current version:
2.3.18.13

What's the issue?

With the release of Rails 4, support for Rails 2.3 has ended.

This puts older projects in an awkward position. Rails 2 is a stable and productive platform, but given recent security incidents leaving an unpatched Rails application in the wild is out of the question. An upgrade to a recent Rails version would be required in order to receive future security patches. Unfortunately, many API changes can make an upgrade very expensive.

With Rails LTS we want to offer a solution for Rails 2.3 projects that you can't or don't want to upgrade. Use Rails LTS either as a long-term solution or to provide you with more time for upgrading.

Compatibility

Rails LTS was conceived as a drop-in replacement and should require little to no changes in your application. See detailed system requirements.

Optionally you can activate hardened mode, which includes additional security patches that we recommend.

What do I get in LTS?

When a new advisory is posted to the official Rails security list we check if the vulnerability is applicable to Rails 2.3 applications. If so, we will patch the vulnerability in Rails LTS and release a new version of the Rails LTS gems.

As a subscriber to the Rails LTS service you will receive an e-mail as soon as new versions of the gems are released. You can then secure your application with a single command.

Why we can deliver

We are makandra, a 14-person Rails development shop responsible for maintaining ca. 50 Rails applications written in various versions of Rails. In order to shield our customers from disclosed exploits, we have been maintaining private forks of older Rails versions for quite some time already.

For Rails LTS we have cleaned up our private fork so other teams can benefit from our work.

Plans and pricing

Most of our plans come at a monthly fee, which we use to fund continued development of Rails LTS. We also offer a free community edition with delayed patch availability and no service level agreements.

Community

free

Startup

€150 / month
approx. $195 / month

Standard

€400 / month
approx. $520 / month

Enterprise

€750 / month
approx. $975 / month
Availability of patchesafter 10 days (info)ASAP (info)ASAP (info)ASAP (info)
Patches for Rails 2.3yesyesyesyes
Patches for Rails 3.2nosoonsoonsoon
Support for integrationnononoyes
Number of applications2 (info)unlimited (info)unlimited (info)
Term12 months12 months12 months
Discount for annual payment2 months free2 months free2 months free
Get CommunityGet StartupGet StandardGet Enterprise
  • Community:

    free
    Availability of patches
    after 10 days (info)
    Patches for Rails 2.3
    yes
    Patches for Rails 3.2
    no
    Support for integration
    no
    Number of applications
    Term
    Discount for annual payment
  • Startup:

    €150 / month
    approx. $195 / month
    Availability of patches
    ASAP (info)
    Patches for Rails 2.3
    yes
    Patches for Rails 3.2
    soon
    Support for integration
    no
    Number of applications
    2 (info)
    Term
    12 months
    Discount for annual payment
    2 months free
  • Standard:

    €400 / month
    approx. $520 / month
    Availability of patches
    ASAP (info)
    Patches for Rails 2.3
    yes
    Patches for Rails 3.2
    soon
    Support for integration
    no
    Number of applications
    unlimited (info)
    Term
    12 months
    Discount for annual payment
    2 months free
  • Enterprise:

    €750 / month
    approx. $975 / month
    Availability of patches
    ASAP (info)
    Patches for Rails 2.3
    yes
    Patches for Rails 3.2
    soon
    Support for integration
    yes
    Number of applications
    unlimited (info)
    Term
    12 months
    Discount for annual payment
    2 months free
¹
We will start working on patches on the next business day after a vulnerability was disclosed through the Rails security list.
Severe security issues like the remote code exploits in early 2013 will be processed with more urgency.
²
Coherent services that are comprised of multiple Rails applications still count as a single application for the purpose of Rails LTS licensing. E.g. if distinct Rails applications are used for the frontend and backend of the same site, this counts as a single application. Also if you operate multiple staging and production instances for the same site, this counts as a single application.
³
You may use Rails LTS for all Rails applications that are actively maintained by your organisation.

Service levels

Paid Rails LTS plans include service levels depending on the type of security issue:

Low-priority issues: Patches will be backported beginning on the first business day (in Germany) after announcement to the Rails security list.

Highest-priority issues: We will begin investigating the issue within 24 hours and shall produce a new release of Rails LTS as soon as commercially feasible.

Whether or not an issue qualifies as a "highest-priority issue" will be decided by us (makandra GmbH) on a case-by-case basis.

Free community plan

Patches will be made available to community subscribers 10 days after they have been released to paid subscribers.

How we count applications

Some plans allow you to use Rails LTS for an limited number of applications.

Coherent services that are comprised of multiple Rails applications count as a single application for the purpose of Rails LTS licensing. E.g. if distinct Rails applications are used for the frontend and backend of the same site, this counts as a single application. Also if you operate multiple staging and production instances for the same site, this counts as a single application.

Applications that are used to service distinct sites or clients are counted as separate applications.

Unlimited applications

Some plans allow you to use Rails LTS for an "unlimited" number of applications.

This means you may use Rails LTS for all Rails applications that are maintained by your organisation.

Support for integration

Some plans include support for the integration of Rails LTS.

Support is offered via e-mail during business days.

Upcoming Rails 3.2 support

According to the official Rails maintenance policy Rails 3.2 still receives limited support for very severe vulnerabilities. When Rails 5 is released in 2015, support for Rails 3.2 will end completely.

We plan to support Rails 3.2 when official maintenance ends. Our plan is to create a stable customer base to fund long-term maintenance of Rails 3.2. We already found an enterprise customer who allowed us to start working on this version.

Rails 3.2 support will be available to all Rails LTS customers on a Startup, Standard or Enterprise plan.

If your business is interested in commercial support for Ruby on Rails 3.2, please send an e-mail info@railslts.com.

Get the Rails LTS Community edition

Please complete the form to receive installation instructions.

(optional)
We post about new security patches and security advice relevant to Rails 2.3 (low volume)
You have chosen not to be notified when new versions of Rails LTS are released. This means you won't know when critical security patches might be available.
Rails LTS is a commercial service provided by makandra GmbH.
Rails LTS is not affiliated with the Rails core team or 37 signals.

Imprint

Postal address
makandra GmbH
Werner-von-Siemens-Str. 6
86159 Augsburg
Germany
Other ways to reach us
E-mail: info@makandra.com
Phone: 0049 821 58866 181
Fax: 0049 821 58866 199
Managing directors
Henning Koch, Dr. Thomas Eisenbarth
Commercial register
HRB 24202, Amtsgericht Augsburg
VAT-ID
DE243555898
Responsible for the content of this web site
Henning Koch
Last change: Mar 6th 2013

Privacy Policy

makandra appreciates your interest in our railslts.com website. Protecting the privacy of our customers is very important to us. The following data privacy policy applies to all information that you provide on this railslts.com website.

1. General Information

By accepting this data privacy policy, you expressly allow makandra to process your data in accordance with this data privacy policy. This privacy policy describes how we collect and use this information. makandra uses your data in strict accordance with the data protection regulations.

We will not sell or rent your personal information to third parties for their marketing purposes under any circumstances. If you do not agree with the terms of the data privacy policy, please do not fill out the contact form on our site.

Links to third-party websites

Some sections of our website contain links to third-party websites. These pages are subject to their own data privacy policies. makandra is not responsible for their operation, including data handling. Users who send information to or through such sites of third-party providers should check the data privacy policy of these sites before providing information to them.

2. Collected Information

Required Information

The use of our website railslts.com is usually possible without providing personal information. To use our contact form, you must specify your e-mail address among other information. We will use this personal information provided by you solely to contact you and to improve our rails lts product.

Technical safety

The server on which makandra is operated is located in the secured data center of an Internet service provider resident in the Federal Republic of Germany, and it is secured against unauthorized access. Only authorized employees of makandra and of the responsible Internet service provider, who are obliged to maintain confidentiality and data secrecy, have access to the data processing systems.

3. Right of access

According to the Federal Data Protection Act, you have the right to gratuitous information about your stored data, as well as, where appropriate, the right to correct, block or delete such data.

4. Website Tracking

To make our website more attractive and to establish the use of certain functions for you we use cookies on some pages of our website. These are small text files that are stored locally in the cache of your computer's Internet browser. Cookies, therefore, enable the recognition of the Internet browser on your next visit to our site, making our offering even more user-friendly, more effective, but also more secure. However, you have the option of setting your browser to reject cookies or set to be notified of them beforehand. In addition, you can delete cookies at any time on your system. Please use the help function integrated into your browser for more information on this topic.

Google Analytics, a Web analysis service of Google, Inc. ("Google"), is used by makandra for evaluation and to support online marketing activities. Google Analytics uses cookies, which are text files stored on your computer and which allow an analysis of your use of the website. The information generated by the cookie about your use of this website is generally transferred to a Google server in the USA and stored there. This website uses IP anonymization. Your IP address is reduced by Google basically within the Member States of the European Union or in other States of the European Economic Area. The full IP address is sent to a Google server in the USA and reduced there only in exceptional cases.

On behalf of makandra, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide further services related to website and Internet usage to makandra. The IP address that your browser transmits within the scope of Google Analytics will not be associated with any other data by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser; however, please note that if you do this you may not be able to use the full functionality of this website.

You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google, as well as the processing of this data by Google by downloading and installing the browser plugin available under the following link: http://tools.google.com/dlpage/gaoptout?hl=en

5. Contact person for data protection

For questions about collection, processing or use of your personal data in the event of informaiton provisions, reporting, blocking or deletion of data as well as recall of granted licenses, please contact: info@makandra.com

We are happy to answer questions concerning data privacy: info@makandra.com