So the happy little Ruby on Rails crew done gone and got themselves a security hole
Their release announcement certainly got my attention. And I’m honestly pretty reactive (“Problem! Problem! Solve it NOW!”) — so after a broadcast to our Rails-developin’ crew — we got on it and got our system and frozen Rails up to 1.1.5 and the local dev boxes got there too (thanks Duff, Rafe, Aaron, and crew). But we are pretty flexible — we can move, and move fast still (and I hope that keeps up, although I’m not sure that staying with software releases is a familiar concept to all).
I like Rails. I’m happy we are using it.
But there’s going to be some absolute hell to pay in the Enterprise environments after a vendor announcement like that. This is going to be WAY fun to watch 😀
P.S. Don’t misunderstand the last statement. I take computing security very seriously — as I’m sure some colleagues will attest, with the occasional mention of words like “paranoia”. The fun part is that every good project has to grow up now and then, and there are some growing pains. This will be a rather interesting case study.