Just one day after the security announcement and patch, there is a new Rails release, 1.1.6, which further addresses the security risk.
Earlier in the week when the first announcement came out there wasn’t any indication of what the issue was, but apparently the security risk was a hole where a user could execute code on your filesystem. Nice. A reminder to do some testing with that shiny new development framework before you deploy your new app out there on a production server…