Unsafe Query Generation Risk in Ruby on Rails (CVE-2013-0155)

47 points by Pr0, over 12 years ago

4 comments

Pr0, over 12 years ago
Not as serious as http://news.ycombinator.com/item?id=5028218 but still important to note.
alexkus, over 12 years ago
Thanks

Is there a site I can sign up for package update notifications for a bunch of projects?

I don't want info on all CVEs or all system packages but just a list of packages I'm interested in (and more than just Ubuntu/Debian packages).

I seem to remember one site on HN but my google-fu is weak tonight...
teyc, over 12 years ago
Please, if anyone's reading this, do not release a proof-of-concept until everyone has a chance to patch. (I sense there are a lot of already busy Rails developers today).

By the way, what do freelancers on HN feel about general responsibility for security maintenance after the work has been done?
TallboyOne, over 12 years ago
What an interesting day