This is a follow up from <a href="https://groups.google.com/forum/#!topic/rubyonrails-security/NkKc7vTW70o" rel="nofollow">https://groups.google.com/forum/#!topic/rubyonrails-security...</a> (HN discussion: <a href="https://news.ycombinator.com/item?id=7705415" rel="nofollow">https://news.ycombinator.com/item?id=7705415</a>).<p>Additional attack vectors have been discovered, so you may be vulnerable even without "*action" globbing in your routes. All users are advised to upgrade to a fixed version or apply the supplied patches.