Skip to content

security vulnerability detected while using deploy to heroku #420

Open
Open
security vulnerability detected while using deploy to heroku#420
@roberthopman

Description

@roberthopman
roberthopman
opened on Jul 27, 2018

Expected outcome:
Deploy to Heroku works and I can start logging hours.

Actual outcome:


A security vulnerability has been detected in your application.
 !     To protect your application you must take action. Your application
 !     is currently exposing its credentials via an easy to exploit directory
 !     traversal.
 !     
 !     To protect your application you must either upgrade to Sprockets version "3.7.2"
 !     or disable dynamic compilation at runtime by setting:
 !     
 !     ```
 !     config.assets.compile = false # Disables security vulnerability
 !     ```
 !     
 !     To read more about this security vulnerability please refer to this blog post:
 !     https://blog.heroku.com/rails-asset-pipeline-vulnerability
 !
 !     Push rejected, failed to compile Ruby app.
 !     Push failed

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions