Last active December 29, 2015 04:09
On Saturday November 23rd, 2013, Heroku sent an email about CVE-2013-4164 to tell us to upgrade. Here is a script listing vulnerable apps.
#!/usr/bin/env ruby
# To simply run this script from your terminal:
# $ ruby -e "$(curl -fsSL"
# From Heroku email, you must upgrade your ruby version to:
# New: ruby 1.8.7p375 (2013-11-22 revision 375) [x86_64-linux]
# New: ruby 1.9.2p321 (2013-11-22 revision 321) [x86_64-linux]
# New: ruby 1.9.3p484 (2013-11-22 revision 43786) [x86_64-linux]
# New: ruby 2.0.0p353 (2013-11-22 revision 43784) [x86_64-linux]
require "shellwords"

# Print the app in red: its Ruby is older than the patched release.
def upgrade(app, ruby)
  puts "\e[31m#{app}\e[0m (#{ruby}) => UPGRADE!"
end

# Print the app in green: its Ruby is at or above the patched release.
def ok(app, ruby)
  puts "\e[32m#{app}\e[0m (#{ruby}) => OK"
end

`heroku list`.split("\n").each do |app|
  app = app.strip
  next if app[0..2] == "===" || app == "" # Blank lines and === separator
  app = app.split(" ")[0].to_s.strip # Some apps appended by owner emails
  # The last output line is the `ruby -v` banner; the app name is shell-escaped
  ruby_version = `heroku run ruby -v --app #{Shellwords.escape(app)}`.split("\n")[-1]
  if ruby_version =~ /ruby (([0-9\.]*)p([0-9]*))/
    # $1 = full version (e.g. 1.9.3p484), $2 = series, $3 = patch level
    patch = $3.to_i
    case $2
    when "1.8.7" then patch < 375 ? upgrade(app, $1) : ok(app, $1)
    when "1.9.2" then patch < 321 ? upgrade(app, $1) : ok(app, $1)
    when "1.9.3" then patch < 484 ? upgrade(app, $1) : ok(app, $1)
    when "2.0.0" then patch < 353 ? upgrade(app, $1) : ok(app, $1)
    else puts "\e[31m#{app}\e[0m (#{$1}) => UNSUPPORTED VERSION!"
    end
  end
end

puts "---------------------------------------"
puts "For each app you need to upgrade, run:"
puts "$ cd /path/to/your/app"
puts "$ git commit --allow-empty -m \"upgrade ruby version\""
puts "$ git push heroku master"
puts " "
puts "Please note that this script doesn't know which apps are actually Ruby apps."
puts "If you try to upgrade the ruby version for a Node.js app, it won't work,"
puts "as Heroku does not seem to pick up the new ruby version in that case."


Exactly, at the next push of a new commit, if the buildpack detects a Ruby app, it will perform the ruby version migration and use the latest.


Super handy, thanks!
