Heroku apps rely on Heroku's version of Rails gems (right?), so how does one tel... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		thewillcole on Jan 9, 2013 \| parent \| context \| favorite \| on: Multiple vulnerabilities in parameter parsing in A... Heroku apps rely on Heroku's version of Rails gems (right?), so how does one tell if Heroku has patched these vulnerabilities yet?

willlll on Jan 9, 2013 [–]

Heroku runs whatever version you say in your Gemfile. You must update your apps yourself; There is nothing Heroku can do to update your app for you.

thewillcole on Jan 9, 2013 | [–]

But am I protected if I'm currently using a fixed version of Rails? (3.2.11, 3.1.10, 3.0.19, or 2.3.15)

willlll on Jan 9, 2013 | | [–]

yes

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact