[CVE-2014-0130] Directory Traversal Vulnerability With Certain Route Configuration

For anyone who doesn’t subscribe to the security list (you should!)

https://groups.google.com/forum/#!msg/rubyonrails-security/NkKc7vTW70o/NxW_PDBSG3AJ

You may want to note that an earlier advisory made out that only apps
using
*action in their routes were affected, but this turned out not to be
true

Fred