Rails 3.1.4 has been released. This release contains various bug fixes and two important security fixes. All users are recommended to upgrade as soon as possible.
For information regarding the possible vulnerabilities, please see the announcements here and here.
Some highlights from this release are:
thrrubyrhino is added to the Gemfile for JRuby users
Routing cache improvements
Assets group may be skipped with the --skip-sprockets flag
Various Ruby 2.0 compatibility fixes
For a comprehensive list, see the commits on github.