|
|
|
|
|
|
by jroes
4919 days ago
|
|
|
This is how I understand the issue as well. Many people in this thread are commenting about massive dangers, but I don't think anyone has bothered to actually read the references in the CVE. Also, even open source projects typically ensure or recommend that the secret token be regenerated when using in production environments. |
|
|
https://groups.google.com/forum/?fromgroups=#!topic/rubyonra...