
Site dead. "ACTION REQUIRED: Rails Security Vulnerability"


My site is currently dead, so I can't explain how urgent this is for me.

Situation: A few days ago I received an e-mail from Heroku, "ACTION REQUIRED: Rails Security Vulnerability", advising me to update Rails to version '3.2.11'. After I followed all the steps in the e-mail I tried to open my web site. I was extremely surprised to see that I couldn't open my site. My site is made with RefineryCMS.

Is it possible, using git, to restore my site to the previous point in time when everything was working great?

When I run the site locally I get the following error:

ActiveRecord::RecordNotFound in Refinery::PagesController#home

Couldn't find Refinery::Page with id=torte-za-rodendan

...

app/views/stranice/naslovnica/_favourite_products.html.erb:7:in `_app_views_stranice_naslovnica__favourite_products_html_erb__4156700835010289094_66485000'

app/views/refinery/pages/home.html.erb:16:in `_app_views_refinery_pages_home_html_erb___2482419061129865361_67


Solution

  • Yep, we all got that email from Heroku.

    Since your site was versioned with git before, you can undo the last commit by following these steps.

    However, I am not sure whether you really need to do the above. You just need to make sure that your Heroku app runs on Rails 3.2.11; it is a pretty serious security issue, and maybe Heroku even blocks sites that aren't upgraded quickly enough.

    Follow these steps:

    • Run your tests and make sure everything works
    • Open up a new branch through git (git checkout -b new_rails)
    • Change Rails to 3.2.11 in your Gemfile
    • Change RAILS_GEM_VERSION to '3.2.11' in environment.rb
    • Run bundle update rails
    • Run the tests and see if everything still works
    • If not, reverse back to the old branch by doing git checkout master; optionally delete the new branch by doing git branch -D new_rails

    Doing it only on the new branch ensures nothing breaks.

    If you still get errors afterwards, please tell us what's in Heroku's log.
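The answer's point is that what matters is the Rails version the app actually runs, which after "bundle update rails" is recorded in Gemfile.lock. This added example (not from the question, the answer or RefineryCMS) checks a lock file for the patched release; the Gemfile.lock fragment is constructed, and rails_version_from_lock, version_ge and check_rails_patched are hypothetical helper names.

```shell
#!/bin/sh
# Added example: confirm from Gemfile.lock that an app is on at least the
# patched Rails release (3.2.11 on this page). SAMPLE_LOCK is a constructed
# fragment standing in for a real lock file of an app that was not upgraded.
SAMPLE_LOCK='GEM
  remote: https://rubygems.org/
  specs:
    rails (3.2.10)
      actionmailer (= 3.2.10)
      railties (= 3.2.10)
    refinerycms (2.0.9)
      rails (~> 3.2.0)
'

# Print the resolved rails version from lock-file text on stdin: the 4-space
# indented "rails (x.y.z)" spec line, not the 6-space "rails (~> ...)" lines
# that other gems list as dependencies. Only numeric releases are matched.
rails_version_from_lock() {
    sed -n 's/^    rails (\([0-9][0-9.]*\))$/\1/p' | head -n 1
}

# Return 0 when dotted version $1 >= $2, comparing each field numerically.
# A plain string comparison would rank 3.2.9 above 3.2.11, so awk is used.
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            p = (i <= na) ? x[i] + 0 : 0; q = (i <= nb) ? y[i] + 0 : 0
            if (p > q) exit 0
            if (p < q) exit 1
        }
        exit 0 }'
}

# Check lock-file text ($1) against the minimum patched version ($2).
# Returns 0 when patched, 1 when the version is too old or rails is absent.
check_rails_patched() {
    v=$(printf '%s\n' "$1" | rails_version_from_lock)
    if [ -z "$v" ]; then
        echo "rails not found in Gemfile.lock"; return 1
    fi
    if version_ge "$v" "$2"; then
        echo "rails $v >= $2: patched"; return 0
    fi
    echo "rails $v < $2: UPGRADE REQUIRED"; return 1
}

# Demo: the constructed lock before the upgrade, then the same lock after it.
check_rails_patched "$SAMPLE_LOCK" 3.2.11 || true
check_rails_patched "$(printf '%s\n' "$SAMPLE_LOCK" | sed 's/3\.2\.10/3.2.11/g')" 3.2.11
```

On a real checkout, run the check with "$(cat Gemfile.lock)" after "bundle update rails" and before pushing to Heroku.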