I'm not a Ruby developer, but keeping any application up-to-date is a necessity. If a server is connected to a network, it is already vulnerable.