On Mar 11, 2008, at 15:36 , Urabe Shyouhei wrote:

> But your posting this sensitive info on a public mailing list caused  
> a bit of a worrying situation where all existing WEBrick servers
> are now facing a threat of attacks.  Next time would you please send  
> us security considerations for security / ruby-lang.org?

I sent Jos here. I figured that was fine because the issue IS public  
and was reported as resolved:

   http://www.securityfocus.com/archive/1/489205

says:

> fixed on 03.03.2008.
>
> http://www.ruby-lang.org/en/news/2008/03/03/webrick-file-access-vulnerability/
>
> Patches can be downloaded here:
>
> 1.8 series
> Please upgrade to 1.8.5-p115 or 1.8.6-p114.
> <URL:ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.5-p115.tar.gz>  
> (md5sum: 20ca6cc87eb077296806412feaac0356)
> <URL:ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.6-p114.tar.gz>  
> (md5sum: 500a9f11613d6c8ab6dcf12bec1b3ed3)
> 1.9 series
> Please apply the following patch to lib/webrick/httpservlet/filehandler.rb.
> <URL:ftp://ftp.ruby-lang.org/pub/ruby/1.9/ruby-1.9.0-1-webrick-vulnerability-fix.diff>
> (md5sum: b7b58aed40fa1609a67f53cfd3a13257)