Yesterday we upgraded our EC2 servers to a new custom Ubuntu AMI. They are now running ruby 3.1.2 (up from 3.1.1) and connecting to a RDS Postgres 14.2 database (up from 13.2). We remained on the same Rails version (we follow main, currently on ref
A couple of hours later, we noticed that every link we had sent on emails and sms messages that included a model’s
signed_id were broken. ActionText, which internally relies on MessageVerifier was also broken.
Checking one of the affected models, we noticed that the
signed_id had changed. Same happened with ActionText global_signed_id. We double checked our credentials, and there were no changes in the secret key base.
I’ve read through the signing code, but I’m not familiar with security code, so I don’t know how what might have caused the change.
TL:DR: Is there a change on server software, gem version, ruby version, or anything else that can cause
signed_id to change when the
signed_key_base did not?