08-11-2006, 10:12 AM
Quote:Were still hard at work on Rails 1.2, which features all the new dandy REST stuff and more, but a serious security concern has come to our attention that needed to be addressed sooner than the release of 1.2 would allow. So heres Rails 1.1.5!
This is a MANDATORY upgrade for anyone not running on a very recent edge (which isnt affected by this). If you have a public Rails site, you MUST upgrade to Rails 1.1.5. The security issue is severe and you do not want to be caught unpatched.
The issue is in fact of such a criticality that were not going to dig into the specifics. No need to arm would-be assalients.
So upgrade today, not tomorrow. Weve made sure that Rails 1.1.5 is fully drop-in compatible with 1.1.4. It only includes a handful of bug fixes and no new features...
full article: http://weblog.rubyonrails.org/2006/8/9/r...er-tidbits