I am as much a fan of Ruby and am trying to shift my career towards Ruby. But I sometimes am concerned if Ruby has evolved completely... or at least the Rails framework.
Because recently I heard there is a security vulnerability (XSS) in the Rails framework.
So, is it on par with Java and other frameworks?
Firstly, as you seem to be aware, Rails isn't the be-all and end-all of Ruby Web application development, but... it is the most popular method, still.
Regarding the XSS vulnerability, there have been some concerns over the Rails team's handling of security issues recently but they seem to be picking up on it. I can't speak for Java frameworks but PHP frameworks and apps seem to have as many, if not more, security issues - consider the widespread WordPress attack this week. PHP also has had, over the years, a lot of attack vectors which led to the popularity of safe mode.
I'd say you hear more about potential issues in Rails now because people seem to like talking about Rails a lot for some reason, Rails has quite a big share in terms of new projects right now, and there are some people who are very keen to spread bad news about Rails, whereas these sorts of security issues are not really broadcast with other systems.
Author of Beginning Ruby (Apress): http://bit.ly/t31ag Editor of Ruby Inside and RubyFlow
I read the article on the Rails XSS vulnerability. I also saw that by the time the article hit the streets, the patch was available. Contrast this to other frameworks which don't offer any XSS safety, leaving it entirely to the developer to handle.
What you have to keep in mind is that Rails, and by proxy Ruby, get a lot of press for being upstart competitors to the corporeal twins (.NET and Java) and their associated frameworks. I'd focus on how many Rails clones there are (many), and why many high-profile organizations and individuals support the Ruby language.
The article in question took one incident and blew it out of proportion. Would we ever say, "If Java or ANY of its frameworks EVER have a security issue... stop using them, and stop using all sites made with them"?