author | Aaron Patterson <aaron.patterson@gmail.com> | 2019-03-10 16:37:46 -0700 |
---|---|---|
committer | John Hawthorn <john@hawthorn.email> | 2019-03-10 21:30:03 -0700 |
commit | 4c743587ad6a31908503ab317e37d70361d49e66 (patch) | |
tree | dea618c58eb9c761555d60d20030372c1ecc3131 /actioncable/lib/action_cable/server/base.rb | |
parent | f4c70c2222180b8d9d924f00af0c7fd632e26715 (diff) | |

Fix possible dev mode RCE

If the secret_key_base is nil in dev or test generate a key from random
bytes and store it in a tmp file. This prevents the app developers from
having to share / checkin the secret key for dev / test but also
maintains a key between app restarts in dev/test.

[CVE-2019-5420]

Co-Authored-By: eileencodes <eileencodes@gmail.com>
Co-Authored-By: John Hawthorn <john@hawthorn.email>

Diffstat (limited to 'actioncable/lib/action_cable/server/base.rb')
0 files changed, 0 insertions, 0 deletions
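
The approach the commit message describes (generate a key from random bytes when none is configured in dev or test, and keep it in a tmp file so it survives restarts), as an added Ruby example that is not the Rails code from this commit. The helper name `dev_secret_key_base`, its parameters and the key file name are assumptions made for illustration.

```ruby
require "securerandom"
require "fileutils"
require "tmpdir"

KEY_HEX_LENGTH = 128 # 64 random bytes, hex-encoded

# Hypothetical helper (not Rails' own API): return the configured key if there
# is one; otherwise, in development/test only, create or reuse a random key file.
def dev_secret_key_base(configured, env:, key_file:)
  return configured unless configured.nil? || configured.empty?
  unless %w[development test].include?(env)
    raise ArgumentError, "secret_key_base must be set explicitly in #{env}"
  end

  FileUtils.mkdir_p(File.dirname(key_file))
  begin
    # EXCL fails if the file exists, so an existing key is never overwritten.
    File.open(key_file, File::WRONLY | File::CREAT | File::EXCL, 0o600) do |f|
      f.write(SecureRandom.hex(KEY_HEX_LENGTH / 2))
    end
  rescue Errno::EEXIST
    # An earlier boot already generated the key; fall through and reuse it.
  end

  key = File.read(key_file).strip
  # Reject an empty, truncated or hand-edited file instead of signing with it.
  unless key.match?(/\A\h{#{KEY_HEX_LENGTH}}\z/)
    raise "#{key_file} does not hold a generated key; delete it and restart"
  end
  key
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |dir|
    path = File.join(dir, "tmp", "dev_secret.txt") # constructed sample path
    first  = dev_secret_key_base(nil, env: "development", key_file: path)
    second = dev_secret_key_base(nil, env: "development", key_file: path)
    puts "key reused across boots: #{first == second}"
  end
end
```

The key file belongs in an ignored directory such as `tmp/` so that it is never committed or shared between checkouts.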