If you didn't know already, there is a new version of Rails out there.
And I'm not referring to the Rails 2.0 preview. This is Rails 1.2.5, which contains fixes for a JSON XSS (cross-site scripting) vulnerability. I'm not horribly familiar with the details, but the site does say that you don't have to worry about it if you're not using JSON. Probably a good idea to upgrade anyway.