Major Security Hole Found In Rails
mudimba writes "A major security hole has been found in Ruby on Rails. Upgrading to version 1.1.5 is extremely urgent, and all previous versions except those 'on a very recent edge' are affected. Details on the exact nature of the flaw will be coming soon, but the Rails team has decided to wait a short time before disclosure so that people can have a chance to upgrade their servers before would-be assailants are armed." Update: 08/10 13:56 GMT by J : Now they're saying only the last six months of releases are affected: 1.1.0 through 1.1.4.
"...but the Rails team has decided to wait a short time before disclosure so that people can have a chance to upgrade their servers before would-be assailants are armed."
I'm sorry but I don't get it... if they don't disclose it, how can people know that they need to upgrade their server?
Sure, it's good if would-be-attackers aren't aware, but that also means your users aren't aware, right?
I once saw the following espoused on a RoR website: What would you think if I told you that you could develop a web application at least ten times faster with Rails than you could with a typical Java framework? You can--without making any sacrifices in the quality of your application! How is this possible?
I'll tell you how it's possible... YOU FORGOT TO IMPLEMENT THE DAMN SECURITY AND A STABLE FRAMEWORK!!! Seriously, it might be an ideal application for my college course class, but the excessive hype around this project has never sold me on using RoR for anything where my responsibility lay.
Rails has a security flaw and it's not being detailed.
Come on, where's the outrage?