看看 Rails 博客怎么说的：
The 2.3.7 release slipped out the door too hastily. Fixing compatibility with the rails_xss plugin inadvertently forced everyone to use it. Facepalm.
I apologize for wasting a chunk of your day on installing what ought to have been a patch-level update only to find it breaks your app. That’s well out of line with our stable release process and it’s my fault for stepping out of it. I got caught up in a sky-is-falling response to a 2.3.6 bug that affected a handful of users and responded with a fix that exposed a new flaw to nearly all users, despite testing and sanity checking.