We just released diaspora* version 0.5.6.2 and 0.5.6.3 which fixes

CVE-2016-0751 - Possible Object Leak and Denial of Service attack in Action Pack

CVE-2015-7581 - Object leak vulnerability for wildcard controller routes in Action Pack

CVE-2015-7576 - Timing attack vulnerability in basic authentication in Action Controller

CVE-2016-0752 - Possible Information Leak Vulnerability in Action View

CVE-2016-0753 - Possible Input Validation Circumvention in Active Model

CVE-2015-7577 - Nested attributes rejection proc bypass in Active Record

CVE-2015-7579 - XSS vulnerability in rails-html-sanitizer

CVE-2015-7578 - Possible XSS vulnerability in rails-html-sanitizer

The hotfix-hotfix 0.5.6.3 fixes a regression caused by one of the security fixes which we did not notice at first.

Updating

Please update as soon as possible. Update instructions are available as usual in the wiki.