This is a follow up from https://groups.google.com/forum/#!topic/rubyonrails-security... (HN discussion: https://news.ycombinator.com/item?id=7705415).

Additional attack vectors have been discovered, so you may be vulnerable even without "*action" globbing in your routes. All users are advised to upgrade to a fixed version or apply the supplied patches.