在您的应用程序中检测到安全漏洞

Question

我运行在 Heroku 上 Rails 一年多了，但今天我遇到了一个问题，当我运行 git push heroku master 然后像下面一样

remote:  !     A security vulnerability has been detected in your application.
remote:  !     To protect your application you must take action. Your application
remote:  !     is currently exposing its credentials via an easy to exploit directory
remote:  !     traversal.
remote:  !     
remote:  !     To protect your application you must either upgrade to Sprockets version "3.7.2"
remote:  !     or disable dynamic compilation at runtime by setting:
remote:  !     
remote:  !     ```
remote:  !     config.assets.compile = true # Disables security vulnerability
remote:  !     ```
remote:  !     
remote:  !     To read more about this security vulnerability please refer to this blog post:
remote:  !     https://blog.heroku.com/rails-asset-pipeline-vulnerability
remote:  !
remote:  !     Push rejected, failed to compile Ruby app.
remote: 
remote:  !     Push failed
remote: Verifying deploy...
remote: 
remote: !       Push rejected to project-us.

我在 assets.compile 中尝试 true 但没有任何改变。

我现在可以做什么？

Answer 1

bundle update sprockets
git commit -am "update sprockets"
git push heroku master

在您的应用程序中检测到安全漏洞

A security vulnerability has been detected in your application

ruby

ruby-on-rails

heroku

sprockets