It is always a running battle to keep an application's backend up to date with various technologies. Today, we are excited to announce that Metasploit Framework now ships with Rails 4.0. Upgrades like this are sometimes hard to get excited about because if everything goes well, users should see no difference. There are many reasons to upgrade to Rails 4, though.

Why Upgrade

Here are the important reasons to upgrade from our perspective:

  • Security is a big part of why we have to keep our code up to date. We want to make sure that any third party technology we use is up to date in order to receive security updates and patches. This is especially important for us, given what our product does.
  • Rails 4 comes with many new features that make our lives easier from a development perspective. We want to make sure that we can utilize the latest and greatest things in order to become more efficient in our everyday programming efforts.
  • We want to make sure we can provide the best integration experience possible. Staying with industry standards helps us provide the best experience possible to our community and our customers.

What Should I Expect

Your everyday experience with Metasploit Framework will be no different. This upgrade does not introduce any changes to the way Metasploit Framework works. Thus, you should not see any usability changes. Additionally, we are always committed to delivering high quality code all the time. We have performed extensive testing to make sure we are not introducing any issues to Metasploit Framework. At this point we are very confident that our users' experience will not degrade at all.

However, as any developer knows, when you are dealing with a complex application such as Metasploit Framework, there is a likelihood of things slipping through the cracks. Thus, we kindly ask our users that if you see unusual behaviour as you continue to use Metasploit Framework, especially shortly after Rails 4.0 rollout, please keep in mind that the behaviour might be surfacing due to Rails 4 upgrade and please approach troubleshooting the issue with that in mind. Additionally, we kindly ask you to open an issue on Metasploit Framework Project - Github to let us know about your experience and steps you have taken to verify the issue.

I want to thank you for the folks here in Austin, TX for their hard work that they did past couple of months in order to make this upgrade possible.

As always, I want to thank our community for supporting us to improve Metasploit Framework years to come.

*** Rails 4 is only included in Metasploit Framework Master Branch on Github. If you are using Metasploit Community edition you will receive Metasploit Framework Rails 4 upgrade within two weeks. We will call the changes out in our release notes.

Eray Yilmaz - @erayymz

Sr. Product Manager, Metasploit