Over on the official Ruby news site, Urabe Shyouhei has announced the release of minor updates to both Ruby 1.8.6 and 1.8.7, namely 1.8.6p368 and 1.8.7p160:

Updates to already-released Ruby 1.8.7 and 1.8.6 have been released.

This time we have fixed dozens of bugs, including workarounds for CVE-2007-1558 and CVE-2008-1447. Many segfaults are also fixed. For a complete list of what has been fixed, please read the ChangeLogs (1, 2).

The released tarballs are available at:

• ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.6-p368.tar.gz
• ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.6-p368.tar.bz2
• ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.6-p368.zip
• ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.7-p160.tar.gz
• ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.7-p160.tar.bz2
• ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.7-p160.zip

These updates are only worth pursuing if it's of utmost importance that you have the latest point release of your chosen Ruby version installed - in critical production environments, perhaps. For your development machine, it's more of a take it or leave it deal. I'll be sticking to the Apple supplied version of 1.8.6 (p114) for now.