Slashdot Mirror

← Back to Stories (view on slashdot.org)

Major Security Hole Found In Rails

Posted by ryuzaki0 on from the protect-yourself dept.

mudimba writes "A major security hole has been found in Ruby on Rails. Upgrading to version 1.1.5 is extremely urgent, and all previous versions except those "on a very recent edge" are affected. Details on the exact nature of the flaw will be coming soon, but the rails team has decided to wait a short time before disclosure so that people can have a chance to upgrade their servers before would-be-assailants are armed." Update: 08/10 13:56 GMT by J : Now they're saying only the last six months of releases are affected: 1.1.0 through 1.1.4.

1 of 177 comments (clear)

  1. Re:I'm really trying to like Rails, but... by dtietze · · Score: 1, Offtopic

    I agree. I recently built my first major Django site ( http://www.trogger.de/ -- shameless plug!) and used that project to learn Python and Django. All along I was really enjoying myself (as opposed to all the previous J2EE development that I've done) and felt incredibly productive.
    This is, of course, in part due to the Python language, with its dynamic features and the way it just "feels" right. But a large part was also the way the Django guys just 'get it'. I like their ORM. The database structures they generate make sense to me. I prefer developing an OO programming model abstraction and having that mapped to the database, rather than having the database introspected and then developing against the results. Django's way just feels more natural to me.
    The recent release of Django 0.95 was a major effort and an important milestone. Judging from the roadmap, Django 1.0 will be excellent.