Re: [PhillyOnRails] Any news on whats what with 1.1.5?

[Aaron Blohowiak <aaron@aaronblohowiak.com>]

Security issue, not something "broken" as in stopped functioning when functioned previously.

If you live on edge, you are actually safe from this flaw.

ALWAYS TEST before you go live with a new version of rails. Though they claim this is a drop-in, it isnt. It kills some rails apps that use certain plugins. Hit up #rubyonrails on freenode until this gets sorted out.

Aaron Blohowiak

On Aug 9, 2006, at 2:55 PM, Mike Zornek wrote:

http://weblog.rubyonrails.com/2006/8/9/rails-1-1-5-mandatory-security-patch-

and-other-tidbits

This is a MANDATORY upgrade for anyone not running on a very recent edge

(which isn’t affected by this). If you have a public Rails site, you MUST

upgrade to Rails 1.1.5. The security issue is severe and you do not want to be

caught unpatched.

The issue is in fact of such a criticality that we’re not going to dig into

the specifics. No need to arm would-be assalients.

I'm not really a fan of the fearful release note as seen above. I know some

Philly on Rails people live on edge. Anyone want to go in to detail on what

was actually broken? And how it was fixed?

~ Mike

-- 

Work: http://ClickableBliss.com

Play: http://MikeZornek.com

_______________________________________________

talk mailing list

talk@phillyonrails.org

http://lists.phillyonrails.org/mailman/listinfo/talk

_______________________________________________
talk mailing list
talk@phillyonrails.org
http://lists.phillyonrails.org/mailman/listinfo/talk