If you don’t update your Rails 2.3 app, you are in danger. Here’s what will happen.
You may have been contacted recently about upgrading your Ruby on Rails application. It is very important that you do not ignore these emails.
With the release of version 4.0 of Ruby on Rails, your application, if it is running on a version earlier than 3.0, will no longer receive any security updates.
If you take no action, the following things are going to happen to you. It is not a question of if, but only a matter of when. Here’s what you can expect to happen if you ignore the emails you received.
Your data will be compromised.
Everything that has ever been entered into your application, either by you or your customers, will become compromised. This means that someone you don’t know, and who may have dishonorable intent, will have complete access to your data. What they choose to do with it could have a serious impact on your business.
Your application could be modified without your permission.
If gaining access to your data isn’t bad enough, the type of access that will, at some point, be gained to your application will allow someone who you don’t know to make changes to the way your application runs.
If you think about your application as a machine that performs business tasks for you, this means that someone will be able to get inside and change the way your business works, while it is running, and you would have no idea until, for example, your credit card payments go to someone else’s bank account.
Your insurance will not cover the damages.
Your insurance, and the insurance of the technical team that built your application (You did work with an insured team, didn’t you?) will not cover the damages when someone gains access.
Sure, you can file a claim, but your insurance company will quickly discover that the damages you’ve received are due to a lack of maintenance, which in most policies is explicitly not covered. This is a preventable risk and it is entirely your responsibility to make sure it is addressed.
You will find out how much your application is worth to you.
If you rely on your application for any business purpose, you will find out the hard way how much it is worth to your business. You will have no protection against the losses and your business insurance will not cover the damages.
Your losses will provide, in very direct terms, a measurement of how important your application is to your business. It’s probably worth a lot more than you think.
What can you do about this:
Patrick McKenzie has done a great job covering the options available to you in his blog post titled “If Your Business Uses Rails 2.3 You Need To Move To A Supported Option ASAP”.
In summary, you have a few options:
- Do nothing and face the consequences listed above.
- Turn off your application and pay nothing.
- Rewrite your application to use a supported version of Ruby on Rails (Recommended, but expensive.)
- Use a commercially supported version of Rails 2.3 and set up a maintenance plan with a software development team. (Less expensive. May be the right choice if you no longer plan to change your app.)
Remember, if you choose to do nothing, you will face consequences.