locomotivecms / heroku-instant-deploy

Rails app running Locomotive and deployable instantly on Heroku
MIT License

Deploy to Heroku Fails due to Sprockets #9

Closed ethantmcgee closed 5 years ago

ethantmcgee commented 6 years ago

Running the deploy to Heroku with standard settings fails due to a security vulnerability.

Relevant logs from Heroku below.

```
-----> Detecting rails configuration

 !
 !     A security vulnerability has been detected in your application.
 !     To protect your application you must take action. Your application
 !     is currently exposing its credentials via an easy to exploit directory
 !     traversal.
 !     
 !     To protect your application you must either upgrade to Sprockets version "3.7.2"
 !     or disable dynamic compilation at runtime by setting:
 !     
 !     ```
 !     config.assets.compile = false # Disables security vulnerability
 !     ```
 !     
 !     To read more about this security vulnerability please refer to this blog post:
 !     https://blog.heroku.com/rails-asset-pipeline-vulnerability
 !
 !     Push rejected, failed to compile Ruby app.

 !     Push failed
```

did commented 5 years ago

Just fixed. It's now based on the very latest version of Engine (4.0.0.rc0).
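
The Heroku log in this issue names two remedies: a Sprockets version of at least 3.7.2, or `config.assets.compile = false`. The following Ruby check is an added example, not part of the original thread or the Locomotive project; it applies that same rule to a `Gemfile.lock` and a Rails environment file before a push. The sample inputs are constructed, the function names are hypothetical, and treating an unset flag as enabled is an assumption.

```ruby
require "rubygems" # provides Gem::Version for version comparison
# Fixed version named in the Heroku log above; other release lines are out of scope.
FIXED_SPROCKETS = Gem::Version.new("3.7.2")
# Constructed sample inputs (not taken from the repository in this issue).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      sprockets (3.7.1)
        concurrent-ruby (~> 1.0)
      sprockets-rails (3.2.1)
        sprockets (>= 3.0.0)
LOCK
SAMPLE_CONFIG = <<~RUBY
  Rails.application.configure do
    # config.assets.compile = false
    config.assets.compile = true
  end
RUBY

# Resolved gems sit at exactly four spaces under "specs:"; deeper lines are constraints.
def locked_version(lockfile_text, gem_name)
  lockfile_text.each_line do |line|
    m = line.match(/\A {4}#{Regexp.escape(gem_name)} \(([^)]+)\)\s*\z/)
    return Gem::Version.new(m[1]) if m
  end
  nil
end

# Last uncommented assignment to config.assets.compile; nil when never set.
def assets_compile_setting(config_text)
  value = nil
  config_text.each_line do |line|
    m = line.sub(/#.*/, "").match(/config\.assets\.compile\s*=\s*(true|false)\b/)
    value = (m[1] == "true") if m
  end
  value
end

# Mirrors the two remedies in the log: upgrade, or disable runtime compilation.
def sprockets_exposure(lockfile_text, config_text)
  version = locked_version(lockfile_text, "sprockets")
  return :sprockets_not_locked if version.nil?
  return :ok_upgraded if version >= FIXED_SPROCKETS
  compile = assets_compile_setting(config_text)
  compile = true if compile.nil? # assumption: an unset flag is treated as enabled
  compile ? :exposed : :ok_compile_disabled
end
puts sprockets_exposure(SAMPLE_LOCK, SAMPLE_CONFIG)
```

In practice the two strings would be read from the app's `Gemfile.lock` and `config/environments/production.rb`.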