Rails security vulnerability
Kinan Sweidan
Most Rails adopters have been busy upgrading their Rails installations because of the discovered security risk. If you have not upgraded yet then you should do it now… seriously, right now. The security problem seemed to be very nasty, to the point that the Ruby on Rails core team didn’t want to discuss it publicly.
Of course as soon as I knew about the issue yesterday, I upgraded all my servers to Rails 1.1.5.
It turns out that the rush-released Rails 1.1.5 didn’t actually solve the problem, and there was another problem in Rails routing inside app/config/routes.rb. So I had to make some changes manually to fix this issue… Well, I just got notified that there is another release, Rails 1.1.6, that is ready for upgrade.
I know that a lot of people are angry right now. I understand where they are coming from, but this is something to expect from young products with fast development cycles like Rails. However, I think the Rails team should apply more testing and QA practices to ensure the quality of Rails. I think there are a lot of lessons to be learned from FreeBSD and the way they control the security of their code.
I hope this security problem is not going to turn people off from adopting Rails.
gotta go to upgrade..