Is this real…?
Email:
“A serious security vulnerability has been found in the Ruby on Rails framework. This exploit affects nearly all applications running Rails and a patch has been made available.
The Heroku security team has detected that you are running one or more Rails apps on Heroku which appear to be unpatched and at risk:
Apps
liveboardv1 (unknown)
knouse (3.2.8)
audubon (unknown)
liveboardalpha (3.2.8)
You can get a full list of all your affected Heroku applications by running this script. Please address this security vulnerability by immediately upgrading your affected apps to any of the safe versions of Rails listed below. The following Rails versions have been patched and deemed safe from this exploit:
3.2.11
3.1.10
3.0.19
2.3.15
If you do not upgrade, an attacker can trivially gain access to your application, its data, and run arbitrary code or commands. Heroku recommends upgrading to a patched version immediately.
How to Upgrade:
Open the Gemfile in the affected application and change the Rails version to one listed above:
gem 'rails', '3.2.11'
Then run:
$ bundle update rails
Then commit the results to git, and push to Heroku:
$ git push heroku master
Repeat for any susceptible applications. If you cannot upgrade at this time, please consider enabling maintenance mode or scaling your app down to zero dynos. Any applications running an insecure version are at risk.
Thank You,
Heroku Security”
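As an added check, not Heroku's script and not part of the original post, here is a Ruby snippet that reads a Gemfile.lock and compares the pinned Rails version against the patched releases the email lists; the lockfile fragments are constructed, with app names borrowed from the email's list:

```ruby
# Added example, not Heroku's script: classify a Gemfile.lock's Rails version.
# Patched versions from the email, keyed by "major.minor" branch.
PATCHED = {
  "3.2" => Gem::Version.new("3.2.11"),
  "3.1" => Gem::Version.new("3.1.10"),
  "3.0" => Gem::Version.new("3.0.19"),
  "2.3" => Gem::Version.new("2.3.15"),
}.freeze

# Resolved rails version from Gemfile.lock text, or nil when absent.
# Top-level specs are indented exactly four spaces; a "rails (= x)"
# dependency line under another gem uses six and is not matched.
def rails_version(lockfile)
  m = lockfile.match(/^ {4}rails \(([0-9][\w.]*)\)\s*$/)
  m && Gem::Version.new(m[1])
end

# :patched, :vulnerable, :unpatched_branch (no fix listed for that branch)
# or :no_rails (no rails entry; the email shows such apps as "(unknown)").
def status(lockfile)
  version = rails_version(lockfile)
  return :no_rails unless version
  patched = PATCHED[version.segments.first(2).join(".")]
  return :unpatched_branch unless patched
  version >= patched ? :patched : :vulnerable
end

# Constructed Gemfile.lock fragments standing in for deployed apps.
SAMPLE_LOCKS = {
  "knouse" => <<~LOCK,
    GEM
      specs:
        rails (3.2.8)
          actionmailer (= 3.2.8)
  LOCK
  "audubon" => <<~LOCK,
    GEM
      specs:
        sinatra (1.3.3)
  LOCK
}.freeze

# One line per app in the "name (version) status" shape the email uses.
def report(locks = SAMPLE_LOCKS)
  locks.map { |name, lock| "#{name} (#{rails_version(lock) || 'unknown'}) #{status(lock)}" }
end

puts report
```

Point `report` at the real Gemfile.lock of each app (for example via `File.read`) to reproduce the email's per-app list locally.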
I have just received a similar email, and it looks authentic. Also saw this link.
Upgrading to a stable version seems to be a good practice anyhow.