The developers of Ruby on Rails are calling on users to update their Rails installations as soon as possible, following the public disclosure of flaws in the parsing of XML-formatted parameters in the Rails framework. The update also fixes an unrelated issue with JSON parameter parsing.
Currently no exploits of the flaws are reported to be in the wild, but now that the flaws have been disclosed, that is merely a matter of time. All versions of Rails are affected by the flaw, and updates are available in the form of versions 3.2.11, 3.1.10, 3.0.19 and 2.3.15. Where developers cannot update in a timely fashion, the advice is to disable XML-formatted parameter support.
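To check an application against the fixed releases listed above, the following added example (not code from the article or from the Rails project) reads the Rails version pinned in a Bundler `Gemfile.lock` and compares it with the fixed release for its series. The function names and the sample lockfile are constructed for illustration, and it assumes the application is managed with Bundler.

```ruby
require "rubygems"

# Fixed releases named in the article, keyed by "major.minor" series.
FIXED_RELEASES = {
  "3.2" => Gem::Version.new("3.2.11"),
  "3.1" => Gem::Version.new("3.1.10"),
  "3.0" => Gem::Version.new("3.0.19"),
  "2.3" => Gem::Version.new("2.3.15"),
}.freeze

# Resolved gems sit under "specs:" indented by exactly four spaces;
# dependency constraints (six spaces, "(= x.y.z)") must not match.
def locked_rails_version(lockfile_text)
  m = lockfile_text.match(/^ {4}rails \(([^)\s]+)\)$/)
  m && Gem::Version.new(m[1])
end

# Returns [status, fixed_release]. A series the article does not list
# is reported as such rather than guessed at.
def rails_status(version)
  series = version.segments.first(2).join(".")
  fixed = FIXED_RELEASES[series]
  return [:series_not_listed, nil] unless fixed
  version >= fixed ? [:patched, fixed] : [:update_required, fixed]
end

def audit_lockfile(lockfile_text)
  version = locked_rails_version(lockfile_text)
  return [:rails_not_found, nil] unless version
  rails_status(version)
end

# Constructed sample lockfile (hypothetical application).
SAMPLE_LOCK = <<'LOCK'
GEM
  remote: https://rubygems.org/
  specs:
    actionpack (3.2.8)
      activemodel (= 3.2.8)
    rails (3.2.8)
      actionpack (= 3.2.8)
      railties (= 3.2.8)

DEPENDENCIES
  rails (= 3.2.8)
LOCK

status, fixed = audit_lockfile(SAMPLE_LOCK)
puts "rails: #{status}" + (fixed ? " (fixed release: #{fixed})" : "")
```

To audit a real application, pass `File.read("Gemfile.lock")` to `audit_lockfile`.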

The link for this article located at H Security is no longer available.