aboutsummaryrefslogtreecommitdiffstats
path: root/guides/source/security.md
diff options
context:
space:
mode:
authorGannon McGibbon <gannon.mcgibbon@gmail.com>2018-11-06 18:05:40 -0500
committerGannon McGibbon <gannon.mcgibbon@gmail.com>2018-11-06 18:06:57 -0500
commite74fdbe00cd0f403d34f2bc83eb09e7a5bc56109 (patch)
tree4e877f54ddac0d36774763fb880cc8b2cf035caf /guides/source/security.md
parentbb11a9acab15b87d6074fb6af9405287942a7eee (diff)
downloadrails-e74fdbe00cd0f403d34f2bc83eb09e7a5bc56109.tar.gz
rails-e74fdbe00cd0f403d34f2bc83eb09e7a5bc56109.tar.bz2
rails-e74fdbe00cd0f403d34f2bc83eb09e7a5bc56109.zip
Amend CVE note and security guide section wordings
Reword first sentence of dep management and CVE section of security guide. Also, reword and move gemspec notes above deps. [ci skip]
Diffstat (limited to 'guides/source/security.md')
-rw-r--r--guides/source/security.md2
1 files changed, 1 insertions, 1 deletions
diff --git a/guides/source/security.md b/guides/source/security.md
index 66b922ea35..dbec3cdd2d 100644
--- a/guides/source/security.md
+++ b/guides/source/security.md
@@ -1238,7 +1238,7 @@ Rails.application.credentials.some_api_key! # => raises KeyError: :some_api_key
Dependency Management and CVEs
------------------------------
-Please note that we do not accept patches for CVE version bumps. This is because application owners need to manually update their gems regardless of our efforts. Use `bundle update --conservative gem_name` to safely update vulnerable dependencies.
+We don’t bump dependencies just to encourage use of new versions, including for security issues. This is because application owners need to manually update their gems regardless of our efforts. Use `bundle update --conservative gem_name` to safely update vulnerable dependencies.
Additional Resources
--------------------