Most coverage of this issue doesn't cover both mitigation strategies and verifying you've closed the vulnerability. I wrote <a href="http://blog.endpoint.com/2013/01/rails-CVE-2013-0156-metasploit.html">Use to Metasploit to Verify Rails is Secured from CVE-2013-0156</a> to cover both these important bases.
