It seems that these were addressed in Tableau Server 8.0.1 (May 2013).
However, we're running Tableau Server 7.0.15. There's a mention of a Ruby on Rails patch in 7.0.14, but it seems to be a JSON parser fix. The Rails patches in Tableau Server 8.0.1 seem to be XML parser fixes. It's not clear to me whether the JSON vulnerabilities are related to/same as the XML parser vulnerabilities. So, the question is, is 7.0.15 fully patched against all Ruby on Rails vulnerabilities? Or do we need to upgrade to 8.0.1?