I have a new client with an app running on 1.1.2 and I'm trying to verify if his vendor/rails already has the critical security fix from last August. Unfortunately, the backport patches to earlier 1.1 releases linked from http://weblog.rubyonrails.org/2006/8/10/rails-1-1-... have moved (or been removed). It's probably simple enough to update him to 1.1.6 in the short term, and get him on 1.2 later, but for right now, I'd rather ensure his code is secure and schedule the bigger upgrade(s) for later. Does anyone know where I can find those backport patches? I've scoured Google and much to my surprise, no one seems to have mirrored them.
on 2007-06-29 01:42