Skip to content

Commit

Permalink
Upgrade paperclip dependency to fix security issue.
Browse files Browse the repository at this point in the history 
"It's possible to cause a DoS by uploading files with a spoofed media
type, because it causes megabytes of logging to be written."

See thoughtbot/paperclip#2017 and
thoughtbot/paperclip#2126
  • Loading branch information
@berkes
berkes committed Apr 18, 2016
1 parent 30e26e7 commit f59e4b0
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion core/spree_core.gemspec
View file
Expand Up @@ -31,7 +31,7 @@ Gem::Specification.new do |s|
s.add_dependency 'highline', '~> 1.6.18' # Necessary for the install generator
s.add_dependency 'kaminari', '~> 0.15', '>= 0.15.1'
s.add_dependency 'monetize', '~> 1.1'
s.add_dependency 'paperclip', '~> 4.2.0'
s.add_dependency 'paperclip', '~> 4.3.0'
s.add_dependency 'paranoia', '~> 2.1.0'
s.add_dependency 'premailer-rails'
s.add_dependency 'rails', '~> 4.2.6'
Expand Down

0 comments on commit f59e4b0

Please sign in to comment.