Question

我在Heroku上运行Rails已有一年多了，但是今天我遇到了一个问题，当我运行git push heroku master然后像下面这样时，Heroku的最新提交无法推送失败

remote:  !     A security vulnerability has been detected in your application.
remote:  !     To protect your application you must take action. Your application
remote:  !     is currently exposing its credentials via an easy to exploit directory
remote:  !     traversal.
remote:  !     
remote:  !     To protect your application you must either upgrade to Sprockets version "3.7.2"
remote:  !     or disable dynamic compilation at runtime by setting:
remote:  !     
remote:  !     ```
remote:  !     config.assets.compile = true # Disables security vulnerability
remote:  !     ```
remote:  !     
remote:  !     To read more about this security vulnerability please refer to this blog post:
remote:  !     https://blog.heroku.com/rails-asset-pipeline-vulnerability
remote:  !
remote:  !     Push rejected, failed to compile Ruby app.
remote: 
remote:  !     Push failed
remote: Verifying deploy...
remote: 
remote: !       Push rejected to project-us.

我尝试在true中assets.compile，但没有任何改变。

我现在该怎么办？

Answer 1

bundle update sprockets
git commit -am "update sprockets"
git push heroku master

在您的应用程序中检测到一个安全漏洞

1 个答案: