Ruby on Rails has of this writing released patches for a critical security vulnerability affecting nearly all versions of Rails. It is critical that your Rails applications be updated to one of the following versions:
If you have a cPanel server, make sure you have cPanel’s daily updates running. cPanel versions 126.96.36.199, 188.8.131.52, 184.108.40.206, and 220.127.116.11 include the updated versions of Rails. If you are running Rails on a core-managed server, you will need to update Rails yourself. Here’s how.
Updating With Bundler
If you’ve installed Rails using bundler and rubygems, make sure you have the latest version in your Gemfile:
# rails '3.2.11'
# bundle update rails
You will have to restart your application for the new Rails version to take effect.
Updating with Just Rubygems
If you are not using bundler, you can simply use rubygems to update rails:
# gem update rails
Note that this will update Rails to the most recent version. If you wish to run one of the other patched versions, you will need to specify it like so:
# gem install rails -v 2.3.15
Again, your application will have to be restarted in order for the updates to take effect.