REXML, the XML library uses by many ruby apps, including rails, has a vulnerability that requires an immediate patch on whatever rails version you're using. Details and instructions on the official rails weblog, here. But basically, this is what you need to do: gem install rexml-expansion-fix Then, require rexml-expansion-fix in your rails's app environment.rb file.