You are only at risk if you embed the result of a .to_json call in a
page you generate. For example:
<script type="text/javascript">
var customers = <%= @customers.to_json %>;
</script>
However as this release addresses some backwards compatibility bugs in
1.2.4, all users are advised to upgrade.
--
Cheers
Koz