Thursday, August 10, 2006

Security update: Rails 1.0, 1.1.3 not affected

Posted by David

Good news: Rails 1.0 and prior are not affected by the latest security breach we’ve experienced. Neither is Rails 1.1.3. We’re currently investigating further just how contaminated 1.1.0, 1.1.1, 1.1.2, and 1.1.4 are. We’ll give you more updates as soon as we have the information. Our first priority has been to get a fix out; now we’ll get to the very bottom of this.

Believe you me, we take this extremely seriously. The entire core team is working on this investigation. We’ve currently made the trade-off to keep the details secret to protect people still in the process of upgrading. Once ample time for upgrading has been given and we have investigated this matter to its depth, we’ll release a complete report detailing all our findings.

Thank you for your patience and understanding. We fully understand that nothing can quite make your heart pump like knowing there’s something wrong, but not being entirely sure what to do about it. It’s OK to vent that frustration in the comments to this post.