Greg Benedict

Thoughts on the web and creativity.

Mongrel Security Alert

Make sure you install the latest 1.0.x or 1.1.x release of Mongrel. There is a security hole in the DirHandler that allows read access to the file system.

sudo gem install mongrel

You should be running at least 1.0.5 or 1.1.3.

Per Zed and others on the mailing list, here are the details:

1) If you use nginx or apache (and maybe other full web servers with a proxy module) then you can wait to upgrade, but probably not very long. This is because these servers do their own checking as well, and are handling your files. That means a request for the file will be dropped, and blocked.

2) If you use a pure TCP/IP based proxy balancer (balance, pen, swiftiply?) then you must upgrade as these do no checks on the incoming TCP packets.

3) If you use mongrel directly to serve content then you must upgrade.
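To illustrate the kind of check a static file handler needs so that a request cannot read outside its document root, here is an added Ruby example; it is not Mongrel's DirHandler code, and DOC_ROOT and resolve_static_path are assumed names. It decodes the request path once, rejects NUL bytes, normalises "." and ".." segments, and only serves paths that remain under the root.

```ruby
# Constructed example of a document-root containment check for a static
# file handler. Not Mongrel's own code; DOC_ROOT is an assumed location.
DOC_ROOT = File.expand_path("/var/www/app/public")

# Decode %XX escapes once. A plain gsub is used instead of a form decoder
# so that "+" is not turned into a space (it is a legal path character).
def percent_decode(str)
  str.gsub(/%([0-9A-Fa-f]{2})/) { $1.hex.chr }
end

# Returns the absolute filesystem path to serve, or nil when the request
# would escape doc_root. Decoding happens before normalisation so that
# encoded traversal such as %2e%2e%2f is caught as well as literal "../".
def resolve_static_path(request_path, doc_root = DOC_ROOT)
  root = File.expand_path(doc_root)
  decoded = percent_decode(request_path.to_s)
  # NUL bytes truncate paths in C-level file calls; refuse them outright.
  return nil if decoded.include?("\0")
  # Drop leading slashes so the request is joined under the root, and
  # prefix "./" so File.expand_path never treats a leading "~" as a home
  # directory. expand_path then collapses "." and ".." segments.
  relative = "./" + decoded.sub(%r{\A/+}, "")
  candidate = File.expand_path(relative, root)
  # The root itself (a "/" request) or anything strictly below it is fine.
  return candidate if candidate == root || candidate.start_with?(root + "/")
  nil
end
```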
