If you're running CF, then you're running Ruby regardless if any of your
apps are in ruby. You might like to subscribe to a new security
announcement mailing list that has been set up today.
CF is a complicated beast. It is Ruby, which loads end user apps, and runs
them. We need to be extra diligent to ensure CF itself and all apps are
safe from all other apps and other attack vectors.