In the past few weeks we have written two blog articles, check them out:
About stress testing Rails 5.0 ActionCable, finding and fixing the issues we found, this one is the first of a 2-part series so if you like it look out for the next one:
About the HTTPoxy vulnerability, how Passenger applications are not vulnerable and other interesting details:
Kind regards,
Tinco