Major Security Hole Found In Rails

Major Security Hole Found In Rails 177

Posted by samzenpus on Thursday August 10, 2006 @07:00AM from the protect-yourself dept.

mudimba writes "A major security hole has been found in Ruby on Rails. Upgrading to version 1.1.5 is extremely urgent, and all previous versions except those "on a very recent edge" are affected. Details on the exact nature of the flaw will be coming soon, but the rails team has decided to wait a short time before disclosure so that people can have a chance to upgrade their servers before would-be-assailants are armed." Update: 08/10 13:56 GMT by J : Now they're saying only the last six months of releases are affected: 1.1.0 through 1.1.4.

Major Security Hole Found In Rails

This discussion has been archived. No new comments can be posted.

Search 177 Comments Log In/Create an Account

Comments Filter:

Major Security Hole Found In Rails (Score:5, Funny)

by kjart ( 941720 ) writes: on Thursday August 10, 2006 @07:07AM (#15879321)

...and hundreds die in the resulting crash. When interviewed later the conductor said that he wishes he was told where the hole was so he could've stopped the train in time.

Re:How few? (Score:5, Funny)

by trickster721 ( 900632 ) writes: on Thursday August 10, 2006 @07:20AM (#15879348)

Penny Arcade runs on it... occasionally.

Re:RoR lacks maturity (Score:5, Funny)

by mpcooke3 ( 306161 ) * writes: on Thursday August 10, 2006 @07:47AM (#15879422) Homepage

Yeah, I run windows it's been around for ages so it's nice and secure.

Re:How few? (Score:5, Funny)

by Daytona955i ( 448665 ) writes: <{moc.oohay} {ta} {42yugnnylf}> on Thursday August 10, 2006 @07:52AM (#15879442)

Including:
http://www.rubyonrails.org/index.php [rubyonrails.org]

I still get a kick out of that.

Re: Major Security Hole Found In Rails (Score:3, Funny)

by jkrise ( 535370 ) writes: on Thursday August 10, 2006 @07:56AM (#15879451) Journal

Don't you find it odd that the conductor is alive and kicking, while hundreds of passengers died? I thought this scenario exists only in the software world, where the vendor escapes scot-free after defective software crashes his cutomers' systems...

Security temporarily unavailable (Score:5, Funny)

by telchine ( 719345 ) writes: on Thursday August 10, 2006 @08:49AM (#15879728)

http://wiki.rubyonrails.org/rails/pages/Security [rubyonrails.org]

Service Temporarily Unavailable

Seems an appropriate response!

Patch (Score:4, Funny)

by joebutton ( 788717 ) writes: on Thursday August 10, 2006 @08:58AM (#15879822)

Patch available here [djangoproject.com].

Re:I'm really trying to like Rails, but... (Score:1, Funny)

by Anonymous Coward writes: on Thursday August 10, 2006 @09:38AM (#15880224)

it's You

Rails (Score:5, Funny)

by quantum bit ( 225091 ) writes: on Thursday August 10, 2006 @09:54AM (#15880393) Journal

Maybe they should switch to a safe language that prevents buffer overflows and protects programmers from themselves.

Oops.

Re: Major Security Hole Found In Rails (Score:3, Funny)

by m0rph3us0 ( 549631 ) writes: on Friday August 11, 2006 @01:27AM (#15887114)

They should have been made of Rearden metal and this would not have happend.

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Major Security Hole Found In Rails 177

Major Security Hole Found In Rails More Login

Major Security Hole Found In Rails

Major Security Hole Found In Rails (Score:5, Funny)

Re:How few? (Score:5, Funny)

Re:RoR lacks maturity (Score:5, Funny)

Re:How few? (Score:5, Funny)

Re: Major Security Hole Found In Rails (Score:3, Funny)

Security temporarily unavailable (Score:5, Funny)

Patch (Score:4, Funny)

Re:I'm really trying to like Rails, but... (Score:1, Funny)

Rails (Score:5, Funny)

Re: Major Security Hole Found In Rails (Score:3, Funny)

Related Links Top of the: day, week, month.

Slashdot Top Deals

Slashdot