Not my blog, but it's quite a comprehensive article for Ruby on Rails developers, and it is also applicable to any web developer.
Disclaimer: I'm not in any way suggesting that RoR is a bad development tool. Security-wise, I would still suggest that having a secure CDN can reduce zero-day attacks to a minimum.
What The Rails Security Issue Means For Your Startup | Kalzumeus Software
January has been a very bad month for Ruby on Rails developers, with two high-severity security bugs permitting remote code execution found in the framework and a separate-but-related compromise on rubygems.org, a community resource which virtually all Ruby on Rails developers sit downstream of. Many startups use Ruby on Rails. Other startups don’t but, like the Rails community, may one day find themselves asking What Do We Do When Apocalyptically Bad Things Happen On Our Framework of Choice? I thought I’d explain that for the general community.

the Rails community has downplayed security with attitudes like this for years;