Added workaround

phillmv · web-flow · commit dc9a8d43b627 · 2018-06-19T12:14:21.000-04:00
diff --git a/gems/sprockets/CVE-2018-3760.yml b/gems/sprockets/CVE-2018-3760.yml
@@ -5,9 +5,18 @@ url: https://groups.google.com/forum/#!topic/ruby-security-ann/2S9Pwz2i16k
 title: Path Traversal in Sprockets
 date: 2018-06-19
 description: |
-  Specially crafted requests can be used to access files that exists on
+  Specially crafted requests can be used to access files that exist on
   the filesystem that is outside an application's root directory, when the
   Sprockets server is used in production.
+  
+  All users running an affected release should either upgrade or use one of the work arounds immediately.
+  
+  Workaround:
+  In Rails applications, work around this issue, set `config.assets.compile = false` and
+  `config.public_file_server.enabled = true` in an initializer and precompile the assets.
+
+   This work around will not be possible in all hosting environments and upgrading is advised.
+
 patched_versions:
   - ">= 2.12.5, < 3.0.0"
   - ">= 3.7.2, < 4.0.0"
