Agile Ajax » Major Security Hole Found in Rails » Pathfinder Development

Pathfinder is a software development firm. Hire us to build complex software that's easy to use.

Toll free 866.882.7215

Major Security Hole Found in Rails

Dietrich Kappe, Thursday, August 10, 2006 @ 11:59 am

For all of you using Ruby on Rails, this announcement passed on as a public service:

We're still hard at work on Rails 1.2, which features all the new dandy REST stuff and more, but a serious security concern has come to our attention that needed to be addressed sooner than the release of 1.2 would allow. So here's Rails 1.1.5!

This is a MANDATORY upgrade for anyone not running on a very recent edge (which isn't affected by this). If you have a public Rails site, you MUST upgrade to Rails 1.1.5. The security issue is severe and you do not want to be caught unpatched.

The issue is in fact of such a criticality that we're not going to dig into the specifics. No need to arm would-be assalients.

So upgrade today, not tomorrow. We've made sure that Rails 1.1.5 is fully drop-in compatible with 1.1.4. It only includes a handful of bug fixes and no new features

Update 1: A more extensive entry on the details behind the security hole.

Technorati : rails, ruby, security

Topics: Ruby on Rails, Security

Agile Ajax

Comments: 1 so far

by the time you posted it. 1.1.5 had a even bigger hole..

upgrade to 1.1.6 folks!

Comment by nil, Wednesday, August 16, 2006 @ 10:58 am

Leave a comment

« Next Post Blog Home Previous Post »

We are a user experience design and software development firm

See what we've done.

Learn how we work.

Subscribe via email

Subscribe via RSS

.NET .NET Browser Control 2d physics 3d 3D GPS 3D physics 37signals Acceptance Tests Accessibility ActionMailer actionscript activerecord acts_as_ferret Add new tag Adium ADO.NET Entity Framework Adobe Adobe AIR adobe flex Adobe Illustrator Advertising aggregation agile Agile Development agile thinking AIR Ajax Ajax Applications Ajax Bookmarking Ajax Components Ajax Development Ajax Examples Ajax Experience Ajax Frameworks Ajax history management Ajax Intervention Ajax libraries Ajax library AJAX Obfuscation Ajax Performance Ajax Products Ajax toolkit Ajax Tools Ajax Widgets A list apart Amazon Amazon CDN Amazon Web Services amf Analysis Android animation Announcement Announcements antennae Antipatterns Apache Apollo apple Application Architecture Application Development architecture AS3 ask a UI guy ASP.NET ASP.NET asterisk Asynchronous Processing authorization awards axiis Azure Back Button backups bandwidth bandwidth profiling Beans beer Benchmarking Best Practices BitmapData.draw BJAX blackberry Blaze Advisor blender blog blogging book review Books braindump browser Browsers Bugs Business Business Reasons for Ajax Business Rules C# caching campfire Canvas capistrano Case Studies CFO Charles checklist chess Chesspresso Chicago chicagoruby chirb windycityrails CIO Cloud Computing CloudFront CMS COBOL Cocoa code code art Code Generation code generator Color COMET Conference Confluence Consistency Content Management continuous integration converget appliances core animation CRM cruise CruiseControl CSS cucumber Custom Application Development Custom Flex Component Data Mapper data visualization Degrafa deployment deprec Design Design Patterns design thinking Desktop Desktop RIA Developer's Notebook development DHTML Diagnose Dojo Domain Knowledge don norman Drools drupal dynamic languages ease of use EC2 Echo2 Echo3 Editorial Entrepreneur erb ERP Estimating estimation Ethnographic Research events everyblock Excel externalinterface Ext JS Extreme Programming eye tracking Facebook factory Feedback Loop ferret FileReference Firebug Firefox Firefox Extensions fixturereplacement fixture replacement fixtures Flare Flash flash awards Flash Platform flash player flash player 10 Flash Player optimization Flash Remoting Flex Flex3 flex code generator flex css flexmock Flex optimization flex skins flexunit Flickr Flock Flow Fluent forms Frameworks FriendFeed front end front end development fulltext search functional Games Gauge Component gem getting things done Git github gitignore Golf Google Google Analytics Google Analytics for Flash Google Analytics for Flex google android Google calendar google docs Google Gadgets Google Gears google maps GORM government g phone Grails Graphics Greasemonkey Groovy GStreamer GTD Gwittir GWT h.264 haml hardware Healthcare heuristic evaluation Hibernate hosting HTML Hudson IBM IDE Ideation IE IE6 IE7 IE8 iGoogle illustrator cs3 ILog ILOG JRules imacros importing graphics to flex Information Architecture infrastructure Innovation Instructional Design Interaction Design interaction patterns design Internship Interview iPhone iPhone SDK iPod irb iteration IT Mill Toolkit iTunes jakob nielson Java javafx Javascript JavaScript frameworks Javascript Libraries JBoss Rules Jess Jetty JIT jmeter Jobs jQuery JSF JSON JSP JSR-94 JsUnit laptop Lazlo Legacy Systems lightweight LinkedIn LINQ logging Logical Model and Conceptual Model Low Pro Mac Malware mapping Mash Note Mashups math Meebo metal metaprogramming MetaWidget Methodology Microformats microsite Microsoft migrations minimalism Mobile mobile platform mocking mock objects modeling mod_rails monitoring Mootools mouse mouse scroll mouse wheel Mozilla Music MVC MySql natural key neal ford NetNewsWire networking news newspapers nfjs NHibernate nokia notebook NSURLProtocol obj-c Object-Oriented Objective-C Object Relation Mapping (ORM) ocmock Office OmniGraffle online spreadsheets OOAD OOP opengl Open Screen OpenSocial Open Source opensource Opera Oracle ORM osx OS X pagination Pair Programming palm papervision3d Pathfinder Development Patterns Peer Creation Performance Personas PGN PHP Phusion Passenger physics physics engines planning plugin plugins portableapps pragmatic Predictions preloader primary key process Web/Tech Product Definition Production Support productive programer productivity product launch Progressive Enhancement project concept project management Project Website Prototype Prototyping PureMVC PV3D pyro QA qooxdoo Radiant CMS rails railscasts Rails Environment Tests railsrx Really Simple History Refactor refactoring References regex regular expressions Requirements Requirements Alice Toth Requirements Visualization resesign Restlet RETE Review rfp ria Rich Interactions rich internet applicaiton rich internet applications ROI rspec ruby rubyamf Ruby on Rails Ruby on Rails testing role S3 SaaS Safari San Francisco Scalability Scenarios Scriptaculous Scrum SDLC Search Secretariat Security Selenium SeleniumIDE Semantic web SEO Server Side shoulda Silverlight simplicity skins SOA soapUI Social Networking software develoment Software Development Software Engineering Software Processes Songbird SpiderMonkey Sprajax Spreadsheets StageScaleMode Standards standish starting projects Startups static typing Stencils STI Story Telling Structured Design Struts sun surrogate key Swing tabs tag taglib Tamarin Tank Engine Task Flows tdd teams telephony Tellurium test::unit Test Driven Development Testing tether textmate The Ajax Experience throttling Tilt Component Tools touch screen kiosk TraceMonkey Training Trends Tumblr Tutorial Tutorials Twitter ubuntu UI UIViewController uml unit testing Unit Tests unity3d Usability Usability Testing user driven agile User Experience user experience design user groups user interface User Interface Standards User Research UXD value Venture Capital Video Vision visual analytics visual design visual documentation Visualization VLC VML Volta waterfall watij watir web Web/Tech Web 2.0 web app Web Design Web Development web forms web hosting web infrastructure Webkit Weblogs Web Services WebSockets Web Standards WebTest Widgets will_paginate Windows windows mobile WinForms Wireframes WordPress workflow work life balance xcode XML XML Metadata xp XUL Yahoo Map AS3 API YUI Zeigarnik Zeigarnik Effect ZendAMF ZK

Log in

Copyright © 1998-2009 Pathfinder Development LLC

Comments about this site: info@pathf.com