Given we are still seeing more security issues with Rails, shouldn't the developers down tools for 5 mins to stop with the shiny-shiny, and maybe re-walk the codebase, the dependencies they set, and review things?

Yes, they are quick to band-aid the overall problem and push out yet another version bump, but no one out there seems to really grasp the nettle and admit that too much auto, too much magic, too much opinionated design has meant a framework with more holes than Swiss cheese. We have only just started to see the trickle of reported issues, before the flood.

Ironically, we had a call this morning from a customer that their Rails app server has been compromised, despite diligently patching and updating.

I would rather see one better update to Rails for the release versions, arising from a proper audit, proactively closing the windows left from before, rather than shutting one each time it is reported.