Good ideas and conversation. No ads, no tracking. Login or Take a Tour!
From the comments:
Homakov did follow responsible notification and release protocols. They were notified of the bug privately, and he was ignored. He then notified the Rails team, who dismissed his report. He then, out of frustration, demonstrated the bug in a non-malicious (and humorous) way in a production environment. The timing was sensible.