Aaron Blohowiak on 9 Aug 2006 19:40:52 -0000

Re: [PhillyOnRails] Any news on whats what with 1.1.5?

Security issue, not something "broken" as in stopped functioning when functioned previously.

If you live on edge, you are actually safe from this flaw.

ALWAYS TEST before you go live with a new version of Rails. Though they claim this is a drop-in, it isn't. It kills some Rails apps that use certain plugins. Hit up #rubyonrails on freenode until this gets sorted out.

Aaron Blohowiak

On Aug 9, 2006, at 2:55 PM, Mike Zornek wrote:


This is a MANDATORY upgrade for anyone not running on a very recent edge
(which isn’t affected by this). If you have a public Rails site, you MUST
upgrade to Rails 1.1.5. The security issue is severe and you do not want to be
caught unpatched.

The issue is in fact of such a criticality that we’re not going to dig into
the specifics. No need to arm would-be assailants.

I'm not really a fan of the fearful release note as seen above. I know some
Philly on Rails people live on edge. Anyone want to go into detail on what
was actually broken? And how it was fixed?

~ Mike

