Rails 1.1.5: Mandatory security patch - UPDATE
August 10, 2006
This is a MANDATORY upgrade for anyone not running on a very recent edge (which isn't affected by this). If you have a public Rails site, you MUST upgrade to Rails 1.1.5. The security issue is severe and you do not want to be caught unpatched. read more
Update: Rails 1.0 and prior are not affected by the latest security breach. Neither is Rails 1.1.3. read more
Update: Unfortunately, another upgrade (1.1.6) is required! Do it now:
stefans@powermac:~$ sudo gem install rails --source http://gems.rubyonrails.org --include-dependencies
You might want to use this vulnerability tester to test your application. Read the code carefully and try to understand what it does before you use it to test your Rails application.
Be very careful to check that it won’t accidentally do something dangerous to your app.
You can find more info about this security hole here or here.