I’ve sent email and posted to comp.lang.ruby as well. Hopefully this
will get some attention. But if you are using WEBrick for any public
production web sites, which most do not, then don’t until this is
fixed:
http://rob.muhlestein.net/2006/12/webrick-security-flaw.html