We just released diaspora* version 0.5.6.1 which

fixes Nokogiri CVE-2015-7499

fixes unsafe "Remember me" cookies in Devise

Updating

Please update as soon as possible. Update instructions are available as usual in the wiki.