Rails Sprockets Vulnerability

I'm sure most folks have heard about it by now, but there was a major security vulnerability reported in the Rails asset pipeline this week: https://blog.heroku.com/rails-asset-pipeline-vulnerability

Update your gems, and rotate your database credentials!

Happy Wednesday!


I was very happy to see Heroku crash our deploy with a big fat error message. I think we were able to upgrade within the hour that this was announced yesterday.

Yeah! I was super impressed with Heroku's response. They're always on top of their game.

Out of curiosity, is there any use case for changing the option config.assets.compile to true in production?

I assumed that everybody would precompile the assets on deploy.

What is the impact of changing

config/environments/production.rb

config.assets.compile = true # setting to true makes your app vulnerable

and updating Sprockets?
