http://groups.google.ca/group/rubyonrails-security/browse_thread/thread/ac8bdb6a54c86139?hl=en Debian changes are here, http://git.debian.org/?p=collab-maint/rails.git;a=shortlog;h=refs/heads/debian-lenny - Adam