Over on the official Ruby news site, Urabe Shyouhei has announced the release of minor updates to both Ruby 1.8.6 and 1.8.7, namely 1.8.6p368 and 1.8.7p160:
Updates to already-released Ruby 1.8.7 and 1.8.6 have been released.
This time we have fixed dozens of bugs, including workarounds for CVE-2007-1558 and CVE-2008-1447. Many segfaults are also fixed. For a complete list of what has been fixed, please read the ChangeLogs (1, 2).
The released tarballs are available at:
These updates are only worth pursuing if it's of utmost importance that you have the latest point release of your chosen Ruby version installed - in critical production environments, perhaps. For your development machine, it's more of a take it or leave it deal. I'll be sticking to the Apple supplied version of 1.8.6 (p114) for now.