В вашем приложении обнаружена уязвимость

Question

Я использую Rails на Heroku более года, но сегодня я сталкиваюсь с проблемой, которая не приводит к сбоям в последнем коммите Heroku, когда я запускаю git push heroku master, как показано ниже

remote:  !     A security vulnerability has been detected in your application.
remote:  !     To protect your application you must take action. Your application
remote:  !     is currently exposing its credentials via an easy to exploit directory
remote:  !     traversal.
remote:  !     
remote:  !     To protect your application you must either upgrade to Sprockets version "3.7.2"
remote:  !     or disable dynamic compilation at runtime by setting:
remote:  !     
remote:  !     ```
remote:  !     config.assets.compile = true # Disables security vulnerability
remote:  !     ```
remote:  !     
remote:  !     To read more about this security vulnerability please refer to this blog post:
remote:  !     https://blog.heroku.com/rails-asset-pipeline-vulnerability
remote:  !
remote:  !     Push rejected, failed to compile Ruby app.
remote: 
remote:  !     Push failed
remote: Verifying deploy...
remote: 
remote: !       Push rejected to project-us.

Я пытался true в assets.compile, но ничего не изменилось.

Что мне теперь делать?

Answer 1

bundle update sprockets
git commit -am "update sprockets"
git push heroku master