Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

update paperclip #7

Closed
wants to merge 1 commit into from
Closed

update paperclip #7

wants to merge 1 commit into from

Conversation

nossila
Copy link

@nossila nossila commented Jan 29, 2018

because of security issue mentioned in
thoughtbot/paperclip#2530

@nossila
update paperclip
10bc097 
because of security issue mentioned in
thoughtbot/paperclip#2530
@nossila nossila mentioned this pull request Jan 30, 2018
Merged
@jexp
Copy link

jexp commented Feb 20, 2018

ping @cheerfulstoic

@cheerfulstoic
Copy link

I'm not sure it's the responsibility of the neo4jrb-paperclip gem (or any helper / integration library) to require versions of security purposes. As I understand, version specifications in the gemspec are to specify which versions of paperclip that this gem is compatible with. If somebody is using a project with an older version of paperclip and doesn't have the time to upgrade and it's an internal project or they are OK with the security tradeoffs, that's probably up to them to upgrade their version of paperclip when they are ready.

@cheerfulstoic
Copy link

Closing, but that doesn't mean I'm not open to being convinced

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@nossila @jexp @cheerfulstoic