From f66a977fc7ae30d2a07124ad91924c4ee638a703 Mon Sep 17 00:00:00 2001 From: Kasper Timm Hansen Date: Tue, 8 Jan 2019 22:16:58 +0100 Subject: Revert "Merge pull request #34387 from yhirano55/rails_info_properties_json" We had a discussion on the Core team and we don't want to expose this information as a JSON endpoint and not by default. It doesn't make sense to expose this JSON locally and this controller is only accessible in dev, so the proposed access from a production app seems off. This reverts commit 8eaffe7e89719ac62ff29c2e4208cfbeb1cd1c38, reversing changes made to b6e4305c3bca4c673996d0af9db0f4cfbf50215e. --- guides/source/security.md | 5 ----- 1 file changed, 5 deletions(-) (limited to 'guides/source') diff --git a/guides/source/security.md b/guides/source/security.md index dbec3cdd2d..bb996cc39c 100644 --- a/guides/source/security.md +++ b/guides/source/security.md @@ -1235,11 +1235,6 @@ version: Rails.application.credentials.some_api_key! # => raises KeyError: :some_api_key is blank ``` -Dependency Management and CVEs ------------------------------- - -We don’t bump dependencies just to encourage use of new versions, including for security issues. This is because application owners need to manually update their gems regardless of our efforts. Use `bundle update --conservative gem_name` to safely update vulnerable dependencies. - Additional Resources -------------------- -- cgit v1.2.3