This is a MANDATORY upgrade for anyone not running on a very recent edge (which isn’t affected by this). If you have a public Rails site, you MUST upgrade to Rails 1.1.5. The security issue is severe and you do not want to be caught unpatched.
Whether a panic upgrade or a silent approach would have been best isn't really the issue now, but making sure that you are patched is. Non-developers can pretty much ignore this, though if you maintain a site on a server that uses RoR you may want to make sure your host provider knows. If you are using a very old version of RoR, 1.0 or earlier, you are unaffected by this flaw. The particular details of how to replicate or identify the flaw aren't being made available by them.