We were recently alerted to some rails vulnerabilities by Heroku. They provided us with some directions but unfortunately our main developer is no longer with us.
We have had to go in and do other things in the past using Heroku Tookbelt (Windows) which wasn't too painful but we aren't sure how to proceed with the directions that were sent out about the vulnerability. We can't get to the point to begin step 1.
Can you offer some assistance with getting us to the point where we are ready to do #1?
Here are their directions:
#1 Open the Gemfile in the affected application and change the Rails version to:
rails '[url removed, login to view]'
#2 Then run:
$ bundle update rails
#3 Then commit the results to git, and push to Heroku:
$ git push heroku master
FYI - we can connect to heroku with email and password and show the apps, etc. we just don't know how to "open the gemfile"
I'm guessing this is going to be a 5 minute answer if you know anything about Heroku and Rails
You won't actually be performing the update, you will just be explaining to us how to do it using WINDOWS!!!