Rails LTS: The story behind the product

In 2013, the Ruby on Rails community faced a challenge: with the release of Rails 4, official support for version 2.3 came to an end. However, many companies continued to run applications on this stable but now insecure version. A solution was needed. A tweet from Patrick McKenzie got the ball rolling:

At makandra, we were supporting numerous applications on Rails 2.3 at the time. A complete upgrade was not realistic for many of our customers – the applications were stable, fulfilled their purpose, and new features were not a priority. At the same time, we were aware that without security updates, operation would not be responsible in the long term.

The decisive impetus came from a tweet by Patrick McKenzie. At that time, Rails LTS did not yet exist. But the idea was out there – and it struck a chord.

Shortly thereafter, we began maintaining a fork of Rails 2.3 internally and providing security updates. What started as a pragmatic solution for our own customers quickly became a standalone product that is now used by companies worldwide.

Many companies deliberately rely on proven technologies. A complete upgrade to a new major version of Rails not only involves technical effort, but also carries business risks: functionalities must be retested, adjustments made, and dependencies checked. In many cases, there is simply no economic incentive for such an upgrade – for example, in the case of stable applications that do not require new features, but only need to function reliably.

Patrick McKenzie described how critical it can be to run outdated versions of Rails in his 2013 blog post "If Your Business Uses Rails 2.3 You Need To Move To A Supported Option ASAP." His conclusion remains as valid today as it was then: if you work with old software, you need a reliable security anchor – such as Rails LTS.

Rails LTS gives companies planning security: stability and security remain guaranteed without the need to invest in short-term migration projects. This is a decisive factor for organizations with complex structures, internal specialist applications, or high documentation requirements.

Rails LTS provides security updates for Rails versions that are no longer officially supported – currently for versions 2.3, 3.2, 4.2, 5.2, and 6.1. We place particular emphasis on:

• Fast response times: Security vulnerabilities are usually patched within 24 hours of being discovered.
• Compatibility: Rails LTS is a drop-in replacement for the respective Rails version – without any changes to the application code.
• Support for modern Ruby versions: All Rails LTS versions are compatible with current Ruby versions up to and including 3.3.

These aspects enable companies to run their applications securely without having to perform immediate upgrades.

We regularly publish technical notes via makandra cards to keep the operation of legacy projects as low-maintenance as possible. This ensures that not only Rails itself, but also the entire ecosystem surrounding the application, functions reliably.

Our Senior Principal Engineer Tobias Kraze describes the practical challenges behind the Rails LTS offering in a podcast episode of Remote Ruby. He explains how makandra originally developed Rails LTS for its own needs – and why we now take on this responsibility for others as well.