With the very recent and extremely serious Rails security vulnerability, more than a few people have been asking how to update their Rails apps in order to be safe. Luckily Rails makes the update process relatively easy for any simple app. If you have a large app with a large team, you probably shouldn't be getting basic advice from a blog on the internet anyway!
How to Update
I'll be assuming you're running Rails 3.2 (that's what the Gemfile line below pins).
- Open your Gemfile
- Make sure there's a line like gem 'rails', '~> 3.2.0' in there.
- Run bundle update rails
- Run your test suite (you do have a test suite... right?!)
- Deploy your code.
It's really that easy!
What is happening here
Understanding those steps is probably just as important as actually performing them. So I'm going to break it down for anyone reading this.
The Gemfile and Gemfile.lock are used by bundler to manage your application dependencies. You declare your application dependencies in your Gemfile and then you run bundle install to create the Gemfile.lock file. When your Rails application starts it reads the Gemfile.lock file so it can figure out which gems to require. This work is done in your config/boot.rb file. You'll see something like:
    require 'rubygems'

    # Locate the Gemfile relative to this boot file and, if it exists,
    # point bundler at it and set up the load path from it.
    gemfile = File.expand_path('../../../../Gemfile', __FILE__)
    if File.exist?(gemfile)
      ENV['BUNDLE_GEMFILE'] = gemfile
      require 'bundler'
      Bundler.setup
    end

    # Put the application's own lib/ directory on the load path.
    $:.unshift File.expand_path('../../../../lib', __FILE__)
The Bundler.setup message requires the gems in your Gemfile.
What is the Gemfile.lock then?
The Gemfile.lock file is created by bundler (normally when you run bundle install). This file contains a snapshot of all the gems (and their dependencies) used by your application. This means that if you share your application with someone else, when they run bundle install bundler will skip the dependency calculation process and simply install the gems specified in the Gemfile.lock. You should always commit both the Gemfile and the Gemfile.lock to your source control system (you should be using git).
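To tie the update steps and the lock file together, here is an added example (my own code, not from the original post) that reads the rails version out of a constructed Gemfile.lock excerpt and checks it against the Gemfile constraint. It shows why '~> 3.2.0' lets bundle update rails move only within the 3.2.x series, and lets you confirm after updating that the locked version is at least the one the advisory names (the '3.2.9' minimum used below is a placeholder, not a value from the post).

```ruby
require 'rubygems' # Gem::Version and Gem::Requirement ship with RubyGems

# Constructed Gemfile.lock excerpt (not from a real application).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      activesupport (3.2.3)
        multi_json (~> 1.0)
      rails (3.2.3)
        activesupport (= 3.2.3)
  PLATFORMS
    ruby
LOCK

# Version locked for +gem_name+, or nil if absent. Top-level specs sit at
# exactly four spaces of indent; their dependency lines are indented further
# and carry operators such as "(= 3.2.3)", so they are skipped.
def locked_version(lock_text, gem_name)
  lock_text.each_line do |line|
    m = line.match(/\A {4}(\S+) \(([^)]+)\)\s*\z/)
    return m[2] if m && m[1] == gem_name
  end
  nil
end

# Does a Gemfile requirement admit a given version? '~> 3.2.0' means
# ">= 3.2.0 and < 3.3", so a fix released only as 3.3.x would never be
# reached by "bundle update rails" under that constraint.
def requirement_allows?(requirement, version)
  Gem::Requirement.new(requirement).satisfied_by?(Gem::Version.new(version))
end

# Audit: is the locked rails at least +min_safe_version+, and does the
# Gemfile constraint even permit reaching that version?
def audit_rails(lock_text, gemfile_requirement, min_safe_version)
  locked = locked_version(lock_text, 'rails')
  return { status: :missing } unless locked
  {
    locked:        locked,
    patched:       Gem::Version.new(locked) >= Gem::Version.new(min_safe_version),
    fix_reachable: requirement_allows?(gemfile_requirement, min_safe_version)
  }
end

# '3.2.9' is a placeholder minimum; substitute the version from the advisory.
p audit_rails(SAMPLE_LOCK, '~> 3.2.0', '3.2.9')
```

Run it against your real Gemfile.lock by replacing SAMPLE_LOCK with File.read('Gemfile.lock'); patched: false with fix_reachable: true is the "run bundle update rails" case, while fix_reachable: false means the Gemfile constraint itself has to change first.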
The bundler website has some great information on this and other topics. I'd recommend starting with: http://gembundler.com/rationale.html