
security vulnerability detected while using deploy to heroku

Open roberthopman opened this issue 6 years ago • 4 comments

Expected outcome: Deploy to Heroku works and I can start logging hours.

Actual outcome:


A security vulnerability has been detected in your application.
 !     To protect your application you must take action. Your application
 !     is currently exposing its credentials via an easy to exploit directory
 !     traversal.
 !     
 !     To protect your application you must either upgrade to Sprockets version "3.7.2"
 !     or disable dynamic compilation at runtime by setting:
 !     
 !     ```
 !     config.assets.compile = false # Disables security vulnerability
 !     ```
 !     
 !     To read more about this security vulnerability please refer to this blog post:
 !     https://blog.heroku.com/rails-asset-pipeline-vulnerability
 !
 !     Push rejected, failed to compile Ruby app.
 !     Push failed

roberthopman avatar Jul 27 '18 12:07 roberthopman
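The build output above names two ways out: Sprockets "3.7.2", or `config.assets.compile = false`. The Ruby sketch below is an added example, not code from this project or from Heroku, and checks a `Gemfile.lock` and a Rails environment file for either one. The function names, result symbols and sample file contents are assumptions constructed for illustration.

```ruby
# Added example: checks the two mitigations named in the Heroku build output.
PATCHED_3X = Gem::Version.new("3.7.2") # version quoted in the build output

# Constructed sample Gemfile.lock excerpt (not taken from the project).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      sprockets (3.7.1)
        concurrent-ruby (~> 1.0)
        rack (> 1, < 3)
      sprockets-rails (3.2.1)
        sprockets (>= 3.0.0)
LOCK

# Resolved gems sit at exactly four spaces of indentation in the specs
# section; dependency constraints are indented further and are skipped.
def locked_sprockets_version(lock_text)
  m = lock_text.match(/^ {4}sprockets \(([^)]+)\)$/)
  m && Gem::Version.new(m[1])
end

# True only when the last uncommented assignment sets the flag to false.
# With no assignment at all the flag is treated as not disabled.
def runtime_compile_disabled?(env_text)
  values = env_text.each_line.map do |line|
    line.sub(/#.*/, "")[/config\.assets\.compile\s*=\s*(\w+)/, 1]
  end
  values.compact.last == "false"
end

# Returns :mitigated_by_config, :patched, :exposed or :unknown.
def assess(lock_text, env_text)
  return :mitigated_by_config if runtime_compile_disabled?(env_text)
  version = locked_sprockets_version(lock_text)
  # The page only gives a fixed version for the 3.x line, so any other
  # release line is reported as :unknown instead of guessed.
  return :unknown if version.nil? || version.segments.first != 3
  version >= PATCHED_3X ? :patched : :exposed
end

puts assess(SAMPLE_LOCK, "config.assets.compile = true\n")
```
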

You're right. We haven't done any maintenance or updates to the application in quite a while. We know some dependencies have some security vulnerabilities in them. Feel free to fix them and open up a PR :)

tarzan avatar Jul 27 '18 13:07 tarzan

Hi, I am Daniel Amah, a Ruby on Rails developer. I would love to take on this task. @tarzan

dnlamah avatar Aug 21 '18 06:08 dnlamah

Hi, I am Daniel Amah, a Ruby on Rails developer. I would love to take on this task. @tarzan

DanielAmah avatar Aug 21 '18 06:08 DanielAmah

One fix for this would be #425

greysteil avatar Sep 24 '18 12:09 greysteil