<div dir="ltr"><div style="font-family:arial,sans-serif;font-size:13px">Steve Klabnik suggests in addition we check for any gems doing a `YAML.load` from user input.</div><div style="font-family:arial,sans-serif;font-size:13px">

<a href="https://twitter.com/steveklabnik/status/288745291765657601" target="_blank">https://twitter.com/steveklabnik/status/288745291765657601</a></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On 8 January 2013 21:20, Matthew Rudy Jacobs <span dir="ltr">&lt;<a href="mailto:matthewrudyjacobs@gmail.com" target="_blank">matthewrudyjacobs@gmail.com</a>&gt;</span> wrote:<br>

<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">I guess you all know.<div><br></div><div>But for anyone who hasn't yet heard.</div><div>All versions of Rails need to be upgraded or patched.</div>

<div><br></div><div><a href="https://groups.google.com/forum/#!topic/rubyonrails-security/61bkgvnSGTQ/discussion" style="font-family:arial,sans-serif;font-size:13px" target="_blank">https://groups.google.com/forum/#!topic/rubyonrails-security/61bkgvnSGTQ/discussion</a><br>


</div></div>
</blockquote></div><br></div>
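<div>Added example, not part of the thread and not code from Rails or any gem: a Ruby script that lists `YAML.load`-style call sites under the directories it is given, as a starting point for the gem check suggested above. The names `scan_source` and `scan_tree`, the `request_hint` heuristic and the sample input are assumptions of this example.</div>

```ruby
# Added example (not from the thread): list YAML.load-style call sites so each
# can be reviewed for whether its argument can come from user input.

# Matches YAML/Psych load, load_file, load_stream, load_documents via "." or "::".
# safe_load never matches: "load" must directly follow the separator.
YAML_LOAD_CALL = /\b(?:YAML|Psych)\s*(?:\.|::)\s*(load(?:_file|_stream|_documents)?)\b/

# Heuristic only (an assumption of this example): names that usually carry
# request data in a Rails or Rack app. A miss here does not clear a call site.
REQUEST_DATA_HINT = /\b(?:params|request|cookies|session)\b/

# Constructed sample input for illustration; not taken from any real gem.
SAMPLE = <<~'RUBY'
  config = YAML.load_file("config/settings.yml")
  data   = YAML.load(params[:payload])
  # YAML.load(old_code)
  safe   = YAML.safe_load(request.body.read)
  doc    = Psych::load(io.read)
RUBY

# Returns one hash per call site found in +source+.
def scan_source(source, path = "(inline)")
  findings = []
  source.each_line.with_index(1) do |text, number|
    next if text.lstrip.start_with?("#") # skip whole-line comments
    text.scan(YAML_LOAD_CALL) do |(method_name)|
      findings.push(path: path, line: number, call: method_name,
                    request_hint: text.match?(REQUEST_DATA_HINT), code: text.strip)
    end
  end
  findings
end

# Scans every .rb file under +root+ (an unpacked gem or an application directory).
def scan_tree(root)
  Dir.glob(File.join(root, "**", "*.rb")).sort.flat_map do |file|
    scan_source(File.binread(file).force_encoding("UTF-8").scrub, file)
  end
end

if __FILE__ == $PROGRAM_NAME
  # Usage: ruby yaml_load_audit.rb DIR [DIR ...]; hinted call sites print first.
  hits = ARGV.flat_map { |root| scan_tree(root) }
  hits.sort_by { |h| h[:request_hint] ? 0 : 1 }.each do |h|
    puts "#{h[:request_hint] ? 'REVIEW FIRST' : 'review'}\t#{h[:path]}:#{h[:line]}\t#{h[:code]}"
  end
end
```

<div>Every line it prints still needs a manual read: the pattern finds call sites, it does not trace where the argument comes from.</div>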