OK. I've checked against 3.2.12, and at least one isn't fixed, so it might be worth passing the link on to the security team. They'll all be easy fixes, and it'd be great to see them fixed (if not already) in 4.0.
Thanks for contributing Rails 4.0 - I'm excited to try it out, in particular the new caching looks great.
(The security team is a subset of the core team, in accordance with least privilege and all that.)