The jruby.jar file shipped with the scripting_chain quickstart is vulnerable to CVE-2011-4838:
We are shipping JRuby 1.6.5. To mitigate this flaw, we should upgrade to 126.96.36.199. Details are here:
Since this is a moderate impact flaw that only affects a quickstart, the overall impact is low. We should upgrade the vulnerable component in the next release, whether this is 5.3.0 or a CP to 5.2.0.