Slashdot Mirror

← Back to Stories (view on slashdot.org)

Major Security Hole Found In Rails

Posted by ryuzaki0 on from the protect-yourself dept.

mudimba writes "A major security hole has been found in Ruby on Rails. Upgrading to version 1.1.5 is extremely urgent, and all previous versions except those "on a very recent edge" are affected. Details on the exact nature of the flaw will be coming soon, but the rails team has decided to wait a short time before disclosure so that people can have a chance to upgrade their servers before would-be-assailants are armed." Update: 08/10 13:56 GMT by J : Now they're saying only the last six months of releases are affected: 1.1.0 through 1.1.4.

10 of 177 comments (clear)

  1. Major Security Hole Found In Rails by kjart · · Score: 5, Funny

    ...and hundreds die in the resulting crash. When interviewed later the conductor said that he wishes he was told where the hole was so he could've stopped the train in time.

    1. Re: Major Security Hole Found In Rails by jkrise · · Score: 2, Funny

      Don't you find it odd that the conductor is alive and kicking, while hundreds of passengers died? I thought this scenario exists only in the software world, where the vendor escapes scot-free after defective software crashes his cutomers' systems...

      --
      If you keep throwing chairs, one day you'll break windows....
    2. Re: Major Security Hole Found In Rails by m0rph3us0 · · Score: 2, Funny

      They should have been made of Rearden metal and this would not have happend.

  2. Re:How few? by trickster721 · · Score: 5, Funny

    Penny Arcade runs on it... occasionally.

  3. Re:RoR lacks maturity by mpcooke3 · · Score: 5, Funny

    Yeah, I run windows it's been around for ages so it's nice and secure.

  4. Re:How few? by Daytona955i · · Score: 5, Funny

    Including:
    http://www.rubyonrails.org/index.php

    I still get a kick out of that.

  5. Security temporarily unavailable by telchine · · Score: 5, Funny

    http://wiki.rubyonrails.org/rails/pages/Security

    Service Temporarily Unavailable

    Seems an appropriate response!

  6. Patch by joebutton · · Score: 4, Funny

    Patch available here.

    --
    http://savingiceland.org
  7. Re:I'm really trying to like Rails, but... by Anonymous Coward · · Score: 1, Funny

    it's You

  8. Rails by quantum+bit · · Score: 4, Funny

    Maybe they should switch to a safe language that prevents buffer overflows and protects programmers from themselves.

    Oops.