Rails users urged to fix flaw immediately

Written by Jonathan Bennett on

Users of Ruby on Rails have been told to update their installations immediately, following the discovery of a security flaw in the popular open-source Web application framework.

Members of the Ruby on Rails team released a patch on Wednesday that they describe as "mandatory" for all public sites built using recent versions of the Web application framework.

This patch fixes what the team called a "serious security concern," the precise nature of which hasn't been revealed, in all versions of Rails from 1.1 up to 1.1.4.

"The issue is in fact of such a criticality that we're not going to dig into the specifics," the team said in a statement. However, the flaw does appear to be in the Rails framework rather than in the Ruby language itself.

The team has promised to release more details of the problem in Rails, but said it wants to give users a chance to fix their systems before giving out information that could help attackers. Rails was created by David Heinemeier Hansson and reached version 1.0 in December of last year.

The updated version of Rails is available through Ruby's Gems package management system, or by downloading the package manually from the Rails Web site.

Jonathan Bennett of Builder UK reported from London.
