Security Announcement for Devise (Rails authentication solution)

[josevalim]

"Upgrade immediately" so do drop everything. I have amended the blog post to mention an attacker could gain control of other accounts.

[cschneid]

Thanks. Is there a firewall level rule we can use to block requests (in addition to updating rails itself). We have a ton of apps to update, so a catchall rule would be very helpful.