8.7. The Rails Security Mailing List
The official Rails security mailing list is a low-traffic, announcement-only list for security-related issues. Any vulnerability found in the framework will be announced there, along with information about patching the problem. If you have a Rails application in production, it's a good idea to subscribe, so that you'll be able to react quickly to any new issues that arise. The list information is at http://groups.google.com/group/rubyonrails-security.