aboutsummaryrefslogtreecommitdiffstats
path: root/guides/source/security.md
diff options
context:
space:
mode:
Diffstat (limited to 'guides/source/security.md')
-rw-r--r--guides/source/security.md7
1 files changed, 6 insertions, 1 deletions
diff --git a/guides/source/security.md b/guides/source/security.md
index 01de952df1..a2fb4663cf 100644
--- a/guides/source/security.md
+++ b/guides/source/security.md
@@ -1193,10 +1193,15 @@ version:
Rails.application.credentials.some_api_key! # => raises KeyError: :some_api_key is blank
```
+
TIP: Learn more about credentials with `rails credentials:help`.
WARNING: Keep your master key safe. Do not commit your master key.
-WARNING: If your application's secrets have been exposed, strongly consider changing them.
+
+Dependency Management and CVEs
+------------------------------
+
+We don’t bump dependencies just to encourage use of new versions, including for security issues. This is because application owners need to manually update their gems regardless of our efforts. Use `bundle update --conservative gem_name` to safely update vulnerable dependencies.
Additional Resources
--------------------
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-28 16:44:18 +0000