Rails Sprockets Vulnerability

I'm sure most folks have heard about it by now, but there was a major security vulnerability reported in the Rails asset pipeline this week: https://blog.heroku.com/rails-asset-pipeline-vulnerability

Update your gems, and rotate your database credentials!

Happy Wednesday!

DISCUSSION (4)

I was very happy to see Heroku crash our deploy with a big fat error message. I think we were able to upgrade within the hour that this was announced yesterday.

Yeah! I was super impressed with Heroku's response. They're always on top of their game.

Out of curiosity: is there any use case for changing the option config.assets.compile to true in production?

I assumed that everybody would precompile the assets on deploy.

What are the impacts of changing

config/environments/production.rb

config.assets.compile = true # setting to true makes your app vulnerable

and updating sprockets?
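The post's advice (update the sprockets gem) and the question above (whether production still has config.assets.compile = true) are both things you can audit offline from two files. The script below is an added example, not code from the post or from Rails/Sprockets. It takes the text of config/environments/production.rb and Gemfile.lock as strings, with constructed sample contents embedded so it runs without an app. MIN_SAFE_SPROCKETS is a placeholder: set it to the fixed version for your Sprockets series from the advisory the post links to.

```ruby
# Added example (not from the original post): offline audit of the two settings
# the Sprockets advisory turns on. Nothing here touches a running app.
require 'rubygems'

# Placeholder: fill in from the linked advisory for your Sprockets major version.
MIN_SAFE_SPROCKETS = Gem::Version.new('0.0.0')

# Constructed sample of config/environments/production.rb (the vulnerable setting).
SAMPLE_PRODUCTION_RB = <<~RUBY
  Rails.application.configure do
    config.assets.compile = true # setting to true makes your app vulnerable
    config.assets.digest = true
  end
RUBY

# Constructed sample Gemfile.lock fragment. Direct gem entries sit at 4 spaces of
# indentation; their dependency lines (like "sprockets (>= 3.0.0)") sit at 6.
SAMPLE_GEMFILE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      sprockets (3.7.1)
        concurrent-ruby (~> 1.0)
        rack (> 1, < 3)
      sprockets-rails (3.2.1)
        sprockets (>= 3.0.0)
LOCK

# True when production turns on live asset compilation. Trailing comments are
# stripped first, so a commented-out "# config.assets.compile = true" is not a hit.
def assets_compile_enabled?(config_text)
  config_text.each_line.any? do |line|
    code = line.sub(/#.*/, '')
    code =~ /\bconfig\.assets\.compile\s*=\s*true\b/
  end
end

# Locked sprockets version from Gemfile.lock text, or nil when the gem is absent.
# Only the 4-space "specs" entry matches, never a 6-space dependency constraint.
def sprockets_version(lockfile_text)
  m = lockfile_text.match(/^ {4}sprockets \((\d[^)]*)\)/)
  m && Gem::Version.new(m[1])
end

# Returns an array of finding strings; empty means nothing needs attention.
def audit(config_text, lockfile_text, min_safe = MIN_SAFE_SPROCKETS)
  findings = []
  findings << 'config.assets.compile is true in production' if assets_compile_enabled?(config_text)
  version = sprockets_version(lockfile_text)
  if version.nil?
    findings << 'sprockets not found in Gemfile.lock'
  elsif version < min_safe
    findings << "sprockets #{version} is below #{min_safe}"
  end
  findings
end

if __FILE__ == $PROGRAM_NAME
  # With a real app: audit(File.read('config/environments/production.rb'),
  #                        File.read('Gemfile.lock'), Gem::Version.new('x.y.z'))
  audit(SAMPLE_PRODUCTION_RB, SAMPLE_GEMFILE_LOCK).each { |f| puts "FINDING: #{f}" }
end
```

Run it from the app root with the two File.read calls shown in the comment; a non-empty result means either the gem still needs the update or production still serves live-compiled assets, which is the condition the advisory calls out. Remember that passing this check does not undo an earlier exposure, which is why the post also says to rotate database credentials.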

Alex
CTO @ Prevent A Lemon. Platform Developer @ Grassriots Inc. Runner, dog person.