Skip to content

Commit

Permalink
Upgrade to Paperclip 5.2.0
Browse files Browse the repository at this point in the history 
This addresses CVE-2017-0889

Paperclip ruby gem version 3.1.4 and later suffers from 
a Server-SIde Request Forgery (SSRF) vulnerability in 
the Paperclip::UriAdapter class. Attackers may be able 
to access information about internal network resources.

https://nvd.nist.gov/vuln/detail/CVE-2017-0889
  • Loading branch information
@jankeesvw @bbonislawski
jankeesvw authored and bbonislawski committed Jan 24, 2018
1 parent df29364 commit bb96cc8
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion core/spree_core.gemspec
View file
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@ Gem::Specification.new do |s|
s.add_dependency 'highline', '~> 1.6.18' # Necessary for the install generator
s.add_dependency 'kaminari', '~> 1.0.1'
s.add_dependency 'monetize', '~> 1.1'
s.add_dependency 'paperclip', '~> 5.1.0'
s.add_dependency 'paperclip', '~> 5.2.0'
s.add_dependency 'paranoia', '~> 2.3.0'
s.add_dependency 'premailer-rails'
s.add_dependency 'acts-as-taggable-on', '~> 5.0'
Expand Down

0 comments on commit bb96cc8

Please sign in to comment.