Ruby on Rails severe security flaw discovered and patched

By Justin Mann on August 10, 2006, 11:40 AM
Anyone who maintains a server with or uses the popular development framework Ruby on Rails should be aware of a severe security flaw in the suite. Warning of an immediate required upgrade, RoR has announced today on their site that the 1.1.5 release will fix the flaw. They are quite insistent on getting it across that this is something that must be taken care of:

This is a MANDATORY upgrade for anyone not running on a very recent edge (which isn’t affected by this). If you have a public Rails site, you MUST upgrade to Rails 1.1.5. The security issue is severe and you do not want to be caught unpatched.
Whether a panic upgrade or a silent approach would have been best isn't really the issue now, but making sure that you are patched is. Non-developers can pretty much ignore this, though if you maintain a site on a server that uses RoR you may want to make sure your host provider knows. If you are using a very old version of RoR, 1.0 or earlier, you are unaffected by this flaw. The particular details of how to replicate or identify the flaw aren't being made available by them.




Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.