The advisory also provides several workarounds that dont' require you to update Rails, all pretty simple ("drop a file into config/initializers and reload) which also work.