At the end of last week, it looked like we had made it out of the woods with the Christmas and New Year slowdown, and the unexpected arrival of a Rails security bulletin just a couple of days after all the celebrating was over. It turns out we were wrong.
Yesterday, the Rails security team announced not one but two security issues, one of which affected all versions of Rails. This has kept our current support team very busy with testing, updating, re-testing and deploying our many projects. Within the first 16 hours of the announcement, and within only a few hours of waking up here in the UK, our team had the vast majority of our active projects updated and re-deployed.
Of course in hindsight you might say that if only we had waited a few days to do the first security update, we would have had to update only once, but for security holes that could allow an intruder to execute any code on your system, the right time to fix it is now.