Cloud Foundry: Design and Architecture
Derek Collison discusses the goals, the design premises and patterns employed in creating the architecture of Cloud Foundry, VMware’s open source PaaS, unveiling internal architectural details.
News
The content has been bookmarked!
There was an error bookmarking this content! Please retry.
Rails 1.1.5 Released With Crucial Security Fixes
Posted by Peter Cooper on Aug 09, 2006
Rails 1.1.5 has been released today, but there are no new features. It's important, however, as it contains a number of bug fixes and a 'mandatory security patch' which David Heinemeier Hansson, creator of Rails, claims is significant:
This is a MANDATORY upgrade for anyone not running on a very recent edge (which isn’t affected by this). If you have a public Rails site, you MUST upgrade to Rails 1.1.5. The security issue is severe and you do not want to be caught unpatched.
Even though details of the security flaws are not officially being given, it wouldn't take a would-be hacker long to run a diff between 1.1.4 and 1.1.5, so if you're running Rails 0.13 through 1.1.4, upgrade as soon as possible. For more information see David's post at the official Rails blog.
RelatedVendorContent
Agile Maturity Model Applied to Building and Releasing Software
Deliver quality code quicker with "Go" Agile release management
Continuous Delivery: Anatomy of a Deployment Pipeline
Branching & Merging Efficiently: A Guide to Using Process-Based Promotional Patterns
Improving Software Delivery Cycles: Pre-requisites and Inhibitors
Don't forget to change your config/environment.rb...
by
Tom Copeland
Posted
What does it take for a cracker to find the critical change ?
by
anjan bacchu
Posted
Re: What does it take for a cracker to find the critical change ?
by
Peter Cooper
Posted
It appears the way the notice was handled left something to be desired
by
Obie Fernandez
Posted
A fairly comprehensive explanation
by
Obie Fernandez
Posted
-
...if you've set a RAILS_GEM_VERSION version there, that is. And doing a "gem cleanup" will keep things tidy too.
-
hi there,
"Even though details of the security flaws are not officially being given, it wouldn't take a would-be hacker long to run a diff between 1.1.4 and 1.1.5, so if you're running Rails 0.13 through 1.1.4, upgrade as soon as possible."
you mean, cracker, don't you ?
BR,
~A -
If I were talking as a geek to geeks, yes. As a writer who tends to stick to the standard vernacular and whose audience contains many non-geek types, no, sadly. :)
-
Ben Griffiths does a good job of deconstructing the official reaction.
-
Explanation of the security hole.
It's worth noting that a properly secured and configured server should not be affected by this problem. Neither are the hundreds, if not thousands, of "enterprisey" IT apps that live behind a corporate firewall.
Notwithstanding, this is a major news event and I am trying to compile a list of comments from people running major Rails deployments to see how they were affected, if at all.
5 comments
Watch Thread Reply