
Thursday, October 21, 2010

Rails 3.0 security update


The Rails core team recently announced a security update to Rails 3.0: Rails 3.0.0 has a vulnerability that has been fixed in Rails 3.0.1. Even though the Rails Tutorial sample application source code doesn't use the method (called accepts_nested_attributes_for) that has the vulnerability, the book and the Rails installation screencasts have been updated to reflect this change, just to be safe.

If you purchased the Rails Tutorial PDF or screencasts, you might want to revisit your download links for the latest versions of the book and the Rails installation files (the other screencasts are unaffected). You don't really have to, though, because it's easy to update your application: First, run
$ gem uninstall rails -v 3.0.0
$ gem install   rails -v 3.0.1
at the command line. Then edit the Gemfile, changing '3.0.0' to '3.0.1'. Finally, run
$ bundle install
at the command line, and you should be good to go.
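
A quick way to confirm the update took effect, as an added example that is not part of the original post: the shell functions below (their names and status strings are illustrative) read the Rails version from the Gemfile and from Gemfile.lock, and flag the case where the Gemfile was edited but bundle install was never run. It assumes the Gemfile pins Rails with a line of the form gem 'rails', '3.0.0'.

```shell
#!/bin/sh
# Added example: report whether a Rails app directory still pins Rails 3.0.0.
# Function names and status strings are illustrative, not part of Rails or Bundler.

# Print the version from the Gemfile's  gem 'rails', '<version>'  line.
gemfile_rails_version() {
    sed -n "s/^[[:space:]]*gem[[:space:]]*['\"]rails['\"][[:space:]]*,[[:space:]]*['\"]\([^'\"]*\)['\"].*/\1/p" "$1" | head -n 1
}

# Print the resolved version from the lockfile's "    rails (x.y.z)" spec line.
# Dependency lines such as "  rails (= 3.0.1)" use a different indent and are skipped.
lockfile_rails_version() {
    sed -n 's/^    rails (\([^)]*\))$/\1/p' "$1" | head -n 1
}

# Usage: rails_update_status <app-directory>
rails_update_status() {
    dir=$1
    if [ ! -f "$dir/Gemfile" ]; then
        echo "no-gemfile"
        return 0
    fi
    declared=$(gemfile_rails_version "$dir/Gemfile")
    locked=""
    if [ -f "$dir/Gemfile.lock" ]; then
        locked=$(lockfile_rails_version "$dir/Gemfile.lock")
    fi
    if [ "$declared" = "3.0.0" ]; then
        echo "gemfile-still-3.0.0"       # Gemfile was never edited
    elif [ "$locked" = "3.0.0" ]; then
        echo "lockfile-still-3.0.0"      # Gemfile edited, bundle install not run
    elif [ "$declared" = "3.0.1" ] && [ "$locked" = "3.0.1" ]; then
        echo "updated"
    else
        echo "unknown"                   # some other pin; inspect by hand
    fi
}

# When given a directory argument, check it directly.
if [ $# -gt 0 ]; then
    rails_update_status "$1"
fi
```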
