Re: Rails 1.1.5: Mandatory security patch (and other tidbits

This is a MANDATORY upgrade for anyone not running on a very recent
This seems misguided to me. One of the things that I have always
appreaciated about the general open source environment is that when
there is a security vulnerability it is announced. It is described.
And it is fixed.

The process is open, and it works because someone can go and look at
the information about the vulnerability and learn from it,
and they can
have faith in the advice to upgrade because the vulnerability
announcement is clear about what the exploit is and the risk from it.

I kinda took this message to mean that they would give folks some time
to upgrade before (eventually) releasing the details. That’s fairly
standard procedure, isn’t it? Maybe not, though.

  • Dan

This communication is the property of Qwest and may contain confidential
privileged information. Unauthorized use of this communication is
prohibited and may be unlawful. If you have received this communication
in error, please immediately notify the sender by reply e-mail and
all copies of the communication and any attachments.