If you have a rails app, check with your developer(s) (whether full time or contract) and ask them about the latest updates to rails and whether they've deployed it yet:
This hit two days ago, so it should be patched on all of your production apps and any development or staging apps with valuable data or that are running on physical servers that you own (a development only app on heroku is less critical).
While you're at it, sign up for the security updates for rails (or your production framework(s)). It may be the responsibility of developers to keep up with this, but it's you that is in real trouble if all of your customer data gets exploited.
If all goes well, theoretically the patch just takes a few minutes. In practice, the developer will have to ensure the app is still working well which could take a while depending on how comprehensive your automated tests are. If the patch happens to break something, it'll take an indeterminate amount of time to fix, so for contractors you're looking at anything from a free fix or one hour bill to a 1-3 hour project to fix and test to a small risk of a larger project if the fix happens to break something.