The upgrade process is pretty smooth; the latest Sinatra release still runs all the first example apps published in 2007.
Also, the Sinatra code base is pretty small, so just because it's no longer officially maintained doesn't mean you can't run Sinatra 1.2.0. All security issues we have seen so far have been in Sinatra dependencies (namely Rack), never in Sinatra itself.
If you are stuck on an unmaintained Ruby version that's a way bigger issue than being stuck on an unmaintained Sinatra version. You should not run Ruby 1.8.6 in production for security reasons.
Many projects out there follow the two maintained feature versions approach, like Rails. How many versions of Sinatra should see regular releases? What about 1.1.x? Or 0.9.x?
It has also been announced with the 1.3.0 release that 1.2.x will be continued until the 1.4.0 release.
Being stuck on 1.2.x is pretty bad, as it still ships without rack-protection.
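To make concrete what a 1.2.x app is missing, here is an added example (not Sinatra's or the rack-protection gem's own code) of a hand-written Rack middleware that reproduces three of the checks rack-protection performs: default browser-hardening headers, rejection of `..` path traversal after URL decoding, and a 403 for state-changing requests whose `Origin` does not match the `Host`. In a real deployment you would instead add the gem and put `use Rack::Protection` in config.ru; the `MinimalProtection` class, the `APP` lambda and the `protected_call` helper below are assumptions built so the block runs stand-alone against a constructed Rack env with no gems installed.

```ruby
require 'uri'

# Added example: a minimal stand-in for rack-protection, written for a
# Sinatra 1.2.x app that ships without it. Not the gem's code; in production
# use `require 'rack/protection'; use Rack::Protection` in config.ru.
class MinimalProtection
  SAFE_METHODS = %w[GET HEAD OPTIONS].freeze
  SECURITY_HEADERS = {
    'X-Frame-Options'        => 'SAMEORIGIN',
    'X-Content-Type-Options' => 'nosniff',
    'X-XSS-Protection'       => '1; mode=block'
  }.freeze

  def initialize(app)
    @app = app
  end

  def call(env)
    return forbidden('path traversal') if traversal?(env['PATH_INFO'].to_s)
    return forbidden('cross-origin request') if cross_origin?(env)

    status, headers, body = @app.call(env)
    # App-supplied headers win; the defaults only fill in what is missing.
    [status, SECURITY_HEADERS.merge(headers), body]
  end

  private

  # Decode percent-encoding first so "%2e%2e" is caught as well as "..".
  def traversal?(path)
    decoded = (URI.decode_www_form_component(path) rescue path)
    decoded.split('/').include?('..')
  end

  # Non-idempotent request carrying an Origin for a different host.
  def cross_origin?(env)
    return false if SAFE_METHODS.include?(env['REQUEST_METHOD'])
    origin = env['HTTP_ORIGIN']
    return false if origin.nil? || origin.empty?
    origin_host = (URI.parse(origin).host rescue nil)
    request_host = env['HTTP_HOST'].to_s.split(':').first
    origin_host != request_host
  end

  def forbidden(reason)
    [403, { 'Content-Type' => 'text/plain' }, ["Forbidden: #{reason}"]]
  end
end

# Constructed downstream app standing in for the Sinatra application.
APP = lambda do |env|
  [200, { 'Content-Type' => 'text/plain' }, ["hello #{env['PATH_INFO']}"]]
end

# Build a constructed Rack env and run it through the middleware.
def protected_call(path, method = 'GET', origin = nil, host = 'app.example')
  env = {
    'REQUEST_METHOD' => method,
    'PATH_INFO'      => path,
    'HTTP_HOST'      => host
  }
  env['HTTP_ORIGIN'] = origin if origin
  MinimalProtection.new(APP).call(env)
end

if __FILE__ == $0
  [['/hello'], ['/../etc/passwd'], ['/%2e%2e/etc/passwd'],
   ['/update', 'POST', 'http://evil.example'],
   ['/update', 'POST', 'http://app.example']].each do |args|
    status, headers, body = protected_call(*args)
    puts "#{args.inspect} -> #{status} #{headers['X-Frame-Options'].inspect} #{body.join}"
  end
end
```

The point of the middleware ordering is that the traversal and origin checks run before the app sees the request, while the headers are applied to whatever the app returns, which is the same shape rack-protection uses when you add it with `use Rack::Protection`.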