Ruby 3.2 Is EOL: What You Actually Need to Do

Ruby 3.2 reached end of life on March 31, 2026, meaning no future security patches will be issued. The post explains what EOL actually means, how to assess risk based on app exposure and compliance requirements (PCI DSS, HIPAA), and provides a practical upgrade path. Ruby 3.4 is recommended for most teams, with a stepping-stone through 3.3 to catch deprecation warnings. Key breaking changes in 3.4 include bundled gems no longer being default (base64, csv, bigdecimal) and the new `it` anonymous block parameter. Teams also on Rails 7.0 or 7.1 face a compound EOL problem. For teams that can't upgrade immediately, running bundle audit weekly, documenting a remediation plan, and setting a deadline are advised.