Rails 1.1.6 Important Security Update
In case anyone missed the posts on the official blog.
A mandatory security patch to Ruby on Rails affecting version 1.1.0 to 1.1.4 was released a couple of days ago (1.1.5). This was updated yesterday (August 10) with another patch, 1.1.6, because the original patch only partly closed the security hole:
They've also created an announce-only security mailing list where you can get updates about critical patches.
Check it out if you haven't seen it already.