Developers using the emerging open source Ruby on Rails tool are urged to upgrade to version 1.1.5 to fix a severe undisclosed security hole.
In a blog
The issue is so critical that specifics on the vulnerability and how it could be exploited are being withheld, the Rails team said, adding that there's "no need to arm would-be assailants." Full details will be released once everyone has had a "fair chance" to upgrade.
In a later posting, the Ruby on Rails team said Rails 1.0 and prior are not affected by the flaw, nor is Rails 1.1.3. "We're currently investigating further just how contaminated 1.1.0, 1.1.1, 1.1.2, and 1.1.4 are," the team said, adding that the only versions affected are 1.1.0, 1.1.1, 1.1.2, and 1.1.4.
Users can grab an updated version of Ruby on Rails via Ruby's Gems package management system, or they can manually download the package from the Rails Web site.
Danish developer David Heinemeier Hansson released the framework for Rails in July 2004, and it reached version 1.0 last year.
Apple Computer Inc. announced this week that Ruby on Rails will ship along with the next version of the Mac OS. Version 10.5, codenamed Leopard, is expected to be released in the spring of 2007.