I just saw on the Codegear Ruby newsgroups that a vulnerability on the net/https
library was reported. Basically the library doesn’t validate the server certificate
CN (Common Name).

You can read the details here:

http://www.isecpartners.com/advisories/2007-006-rubyssl.txt

Patches have been done for Ruby to accommodate this and you can download them from here:

http://www.ruby-lang.org/en/news/2007/10/04/net-https-vulnerability/