diff options
| author | Rafael França <rafaelmfranca@gmail.com> | 2018-11-06 18:23:29 -0500 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2018-11-06 18:23:29 -0500 |
| commit | 133e0ba33db5887b047c9ac8233e5b414657bca5 (patch) | |
| tree | d96fbfa7fc259a20d340727e706417efc88a77cb /guides/source/security.md | |
| parent | 90ee327b632f454c3cd7265be5f96a74d160c536 (diff) | |
| parent | e74fdbe00cd0f403d34f2bc83eb09e7a5bc56109 (diff) | |
| download | rails-133e0ba33db5887b047c9ac8233e5b414657bca5.tar.gz rails-133e0ba33db5887b047c9ac8233e5b414657bca5.tar.bz2 rails-133e0ba33db5887b047c9ac8233e5b414657bca5.zip | |
Merge pull request #34392 from gmcgibbon/gem_security_note_amend
Amend CVE note and security guide section wordings
Diffstat (limited to 'guides/source/security.md')
| -rw-r--r-- | guides/source/security.md | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/guides/source/security.md b/guides/source/security.md index 66b922ea35..dbec3cdd2d 100644 --- a/guides/source/security.md +++ b/guides/source/security.md @@ -1238,7 +1238,7 @@ Rails.application.credentials.some_api_key! # => raises KeyError: :some_api_key Dependency Management and CVEs ------------------------------ -Please note that we do not accept patches for CVE version bumps. This is because application owners need to manually update their gems regardless of our efforts. Use `bundle update --conservative gem_name` to safely update vulnerable dependencies. +We don’t bump dependencies just to encourage use of new versions, including for security issues. This is because application owners need to manually update their gems regardless of our efforts. Use `bundle update --conservative gem_name` to safely update vulnerable dependencies. Additional Resources -------------------- |