In January 2013, I was informed from a colleague about a severely critical security hole in nearly all Ruby on Rails versions. Although I’d read about the issue a couple weeks prior, I didn’t think I had to immediately worry about making the necessary upgrades to the patched versions, because all the Rails applications I was currently working on were still only in development modes, and running on local workstations under localhost. But then my colleague sent me a link to the following article (if you develop Rails applications, please read it):
http://www.kalzumeus.com/2013/01/31/what-the-rails-security-issue-means-for-your-startup/
Hopefully, you noticed from the article that even development applications running under localhost are vulnerable to this security breach. Continue reading
The Ruby Railroad 