TulipTools Internet Business Owners and Online Sellers Community

TulipTools Internet Business Owners and Online Sellers Community > Programming and Databases > Programming and Databases > Ruby on Rails > Mandatory Upgrade: Major Security Hole Found in Ruby on Rails
Full Version: Mandatory Upgrade: Major Security Hole Found in Ruby on Rails
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

mandy

08-11-2006, 10:12 AM
Quote:We’re still hard at work on Rails 1.2, which features all the new dandy REST stuff and more, but a serious security concern has come to our attention that needed to be addressed sooner than the release of 1.2 would allow. So here’s Rails 1.1.5!

This is a MANDATORY upgrade for anyone not running on a very recent edge (which isn’t affected by this). If you have a public Rails site, you MUST upgrade to Rails 1.1.5. The security issue is severe and you do not want to be caught unpatched.

The issue is in fact of such a criticality that we’re not going to dig into the specifics. No need to arm would-be assalients.

So upgrade today, not tomorrow. We’ve made sure that Rails 1.1.5 is fully drop-in compatible with 1.1.4. It only includes a handful of bug fixes and no new features...

full article: http://weblog.rubyonrails.org/2006/8/9/r...er-tidbits
TulipTools Internet Business Owners and Online Sellers Community > Programming and Databases > Programming and Databases > Ruby on Rails > Mandatory Upgrade: Major Security Hole Found in Ruby on Rails