Business

Urgent security fix for Ruby on Rails users

Builder: Users of Ruby on Rails have been told to update their installations immediately, following the discovery of a security flaw in the popular open source web application framework

Written by Jonathan Bennett, Contributor Aug. 10, 2006 at 9:05 a.m. PT

The Ruby on Rails team released a patch on Wednesday, which they describe as "mandatory" for all public sites built using recent versions of the web application framework.

This patch fixes a "serious security concern", the precise nature of which hasn't been revealed, in all versions of Rails from 1.1 up to 1.1.4. "The issue is in fact of such a criticality that we're not going to dig into the specifics", said the team in a statement. However, the flaw does appear to be in the Rails framework, rather than the Ruby language itself.

The team has promised to release more details of the problem in Rails, but says it wants to give users a chance to fix their systems before giving out information that could help attackers. Rails was created by David Heinemeier Hansson, and reached version 1.0 in December of last year.

The updated version of Rails is available through Ruby's Gems package management system, or by downloading the package manually from the Rails Web site.

Editorial standards

Show Comments

Urgent security fix for Ruby on Rails users

Related

Can Meta AI code? I tested it against Llama, Gemini and ChatGPT - it wasn't even close

Move over, Alexa and Homekit: A new Assistant is here to open-source your smart home

The best free AI courses (and whether AI 'micro-degrees' and certificates are worth it)