[wigsgiw]

Best idea would be to apply the workarounds presented for Rails 2.3 in the group post: https://groups.google.com/forum/#!topic/rubyonrails-security....

Place a couple of lines in a file in config/initializers, and you're good,.