Ruby On Rails 1.1.5 Released to Address Critical Vulnerability

[bugtraq () cgisecurity net]

> From their blog

"We're still hard at work on Rails 1.2, which features all the new dandy REST stuff and more, but a 
serious security concern has come to our attention that needed to be addressed sooner than the release 
of 1.2 would allow. So here's Rails 1.1.5!

This is a MANDATORY upgrade for anyone not running on a very recent edge (which isn't affected by this). 
If you have a public Rails site, you MUST upgrade to Rails 1.1.5. The security issue is severe and you do 
not want to be caught unpatched.

The issue is in fact of such a criticality that we're not going to dig into the specifics. No need to 
arm would-be assalients."

Blog URL: http://weblog.rubyonrails.com/

- Robert
http://www.cgisecurity.com/ Website Security, and Application Security News
http://www.cgisecurity.com/index.rss [RSS news Feed]

-------------------------------------------------------------------------
Sponsored by: Watchfire

Watchfire was recently named the worldwide market leader in Web 
application security assessment tools by both Gartner and IDC. 
Download a free trial of AppScan today and see why more customers choose 
AppScan then any other solution. Try it today!
  
https://www.watchfire.com/securearea/appscancamp.aspx?id=701500000008VnB
--------------------------------------------------------------------------