Upgrade Rails. NOW.

on August 10, 2006 10:52 AM | Permalink | Comments (0) | TrackBacks (0)

This is a MANDATORY upgrade for anyone not running on a very recent edge (which isn’t affected by this). If you have a public Rails site, you MUST upgrade to Rails 1.1.5. The security issue is severe and you do not want to be caught unpatched.
[...]
As always, the trick is to do “gem install rails” and then either changing config/environment.rb, if you’re bound to gems, or do “rake rails:freeze:gems” if you’re freezing gems in vendor.

Update: Seems that just versions 1.1.0, 1.1.1, 1.1.2, and 1.1.4 are affected.

Good news: Rails 1.0 and prior is not affected by the latest security breach we’ve experienced. Neither is Rails 1.1.3.

0 TrackBacks

Listed below are links to blogs that reference this entry: Upgrade Rails. NOW..

TrackBack URL for this entry: http://bru.bzaar.net/mt/mt-tr4ckm3.fcgi/704

Today

Bru tweeted, "congrats to @hrheingold !" 2008-08-21T22:04:08Z 2008-08-21T22:04:08Z
Bru tweeted, "that was, sore kara." Bru tweeted, "that was, sore kara." Bru tweeted, "that was, sore kara." 2008-08-21T18:44:20Z 2008-08-21T18:44:20Z
Bru tweeted, "slre ,a" Bru tweeted, "slre ,a" Bru tweeted, "slre ,a" 2008-08-21T18:44:09Z 2008-08-21T18:44:09Z
Bru saved the link Rails Plugin: dynamically_tags 1970-01-01T00:00:00Z 2008-08-21T11:38:00Z
Bru tweeted, "@mazphd congrats!" Bru tweeted, "@mazphd congrats!" Bru tweeted, "@mazphd congrats!" 2008-08-21T11:02:24Z 2008-08-21T11:02:24Z
Bru tweeted, "ephemeral javascript time" 2008-08-21T10:01:27Z 2008-08-21T10:01:27Z

Wednesday

Bru tweeted, "@waugaman no prob, just send over your email (maybe in a dm)" 2008-08-20T22:22:34Z 2008-08-20T22:22:34Z
Bru tweeted, "introduced http://wakeme.at, my experiment with FireEagle, in a long-ish blogpost: http://tinyurl.com/64dq8t" 2008-08-20T21:44:37Z 2008-08-20T21:44:37Z
Bru tweeted, "hmm... looks like my Movable Type instance on Dreamhost fell into Internal Server Error hell. :-/" 2008-08-20T21:03:49Z 2008-08-20T21:03:49Z
Bru tweeted, "hmm... looks like my Movable Type instance on Dreamhost fell into Internal Server Error hell. :-/" 2008-08-20T21:03:49Z 2008-08-20T21:03:49Z
Bru tweeted, "going back to my slicehost playground after what seems a long while" 2008-08-20T18:30:25Z 2008-08-20T18:30:25Z
Bru tweeted, "going back to my slicehost playground after what seems a long while" 2008-08-20T18:30:25Z 2008-08-20T18:30:25Z
Bru tweeted, "srsly intense day. and only 2 coffee shots. yay!" 2008-08-20T16:29:20Z 2008-08-20T16:29:20Z
Bru tweeted, "srsly intense day. and only 2 coffee shots. yay!" 2008-08-20T16:29:20Z 2008-08-20T16:29:20Z
Bru tweeted, "retweeting: speak rails? Headshift wants you. DM, send pidgeons, smoke signals, just get in touch." 2008-08-20T15:56:29Z 2008-08-20T15:56:29Z
Bru tweeted, "retweeting: speak rails? Headshift wants you. DM, send pidgeons, smoke signals, just get in touch." 2008-08-20T15:56:29Z 2008-08-20T15:56:29Z
Bru saved the link Social network popularity around the world 1970-01-01T00:00:00Z 2008-08-20T15:41:21Z
Bru tweeted, "feels like a bottleneck" Bru tweeted, "feels like a bottleneck" Bru tweeted, "feels like a bottleneck" 2008-08-20T10:32:44Z 2008-08-20T10:32:44Z
Bru tweeted, "feels like a bottleneck" Bru tweeted, "feels like a bottleneck" Bru tweeted, "feels like a bottleneck" 2008-08-20T10:32:44Z 2008-08-20T10:32:44Z
Bru tweeted, "it's engine war o'clock here in the office" 2008-08-20T09:37:30Z 2008-08-20T09:37:30Z

Upgrade Rails. NOW.

Categories:

Tags:

0 TrackBacks

Leave a comment

Stalk Me Elsewhere

Recent Activity

Today

Wednesday

Categories

Monthly Archives

Pages