We have been advised of several vulnerabilities in the in_place_editing plugin, which was created prior to the 2.0.0 release of Ruby on Rails.
Users of all versions of the plugin are advised to update to the latest version contained in our git repository at:
git://github.com/rails/in_place_editing.git
For users who are unable to use git, we have provided a zip file containing the patched code. The patch containing the fix is also available.
Users of all versions of Rails prior to 2.0 are advised to stop using the in_place_editing functionality, or to manually apply these changes to their version of Rails. If these changes are backported, this post will be updated to include a patch for the relevant versions of Rails.
Thanks to Pawel Stradomski of Code Sprinters for reporting this bug to us and working so patiently with us to get it resolved.