John Wilger wrote:
> On 8/9/06, David Heinemeier Hansson <david.heinemeier / gmail.com> wrote:
>> The issue is in fact of such a criticality that we're not going to dig
>> into the specifics. No need to arm would-be assailants.
> 
> Sorry, but this is ridiculous.
> 
> Maybe you don't release the exact instructions for how to fix the
> vulnerability at this time, but without any more details than this,
> how can any business make an informed decision on whether we really
> need to spend time upgrading every one of our Rails applications
> _right now_.
> 

Care to spend some time looking into files that have changed between 
builds?  Here's a list:

http://cyphers.dns2go.com/cliff/rails_diff.txt

Results need about 100 colums and is too wide for standard email and 
would have formatting issues posting directly.