v4.0.0

NEWS

@@ -1,3 +1,11 @@
+New in 4.0.0:
+
+* Security: Attachments are checked to make sure they're not pulling a fast one.
+* Security: It is now *enforced* that every attachment has a file/mime validation.
+* Bug Fix: Removed a call to IOAdapter#close that was causing issues.
+* Improvement: Added bullets to the 3.5.3 list of changes. Very important.
+* Improcement: Updated the copyright to 2014
+
 New in 3.5.3:
 
 * Improvement: After three long, hard years... we know how to upgrade

README.md

@@ -104,6 +104,7 @@ Quick Start
 class User < ActiveRecord::Base
   attr_accessible :avatar
   has_attached_file :avatar, :styles => { :medium => "300x300>", :thumb => "100x100>" }, :default_url => "/images/:style/missing.png"
+  validates_attachment_content_type :avatar, :content_type => /\Aimage\/.*\Z/
 end
 ```
 
@@ -112,6 +113,7 @@ end
 ```ruby
 class User < ActiveRecord::Base
   has_attached_file :avatar, :styles => { :medium => "300x300>", :thumb => "100x100>" }, :default_url => "/images/:style/missing.png"
+  validates_attachment_content_type :avatar, :content_type => /\Aimage\/.*\Z/
 end
 ```
 
@@ -302,6 +304,38 @@ validates_attachment :avatar,
 `Paperclip::ContentTypeDetector` will attempt to match a file's extension to an
 inferred content_type, regardless of the actual contents of the file.
 
+Security Validations
+====================
+
+NOTE: Starting at version 4.0.0, all attachments are *required* to include a
+content_type validation, a file_name validation, or to explicitly state that
+they're not going to have either. *Paperclip will raise an error* if you do not
+do this.
+
+```ruby
+class ActiveRecord::Base
+  has_attached_file :avatar
+# Validate content type
+  validates_attachment_content_type :avatar, :content_type => /\Aimage/
+# Validate filename
+  validates_attachment_file_name :avatar, :matches => [/png\Z/, /jpe?g\Z/]
+# Explicitly do not validate
+  do_not_validate_attachment_file_type :avatar
+end
+```
+
+This keeps Paperclip secure-by-default, and will prevent people trying to mess
+with your filesystem.
+
+NOTE: Also starting at version 4.0.0, Paperclip has another validation that
+cannot be turned off. This validation will prevent content type spoofing. That
+is, uploading, say, a PHP document as part of the EXIF tags of a well-formed
+JPEG. This check is limited to the media type (the first part of the MIME type,
+so, 'text' in 'text/plain'). This will prevent HTML documents from being
+uploaded as JPEGs, but will not prevent GIFs from being uploaded with a .jpg
+extension. This validation will only add validation errors to the form. It will
+not cause Errors to be raised.
+
 Defaults
 --------
 Global defaults for all your paperclip attachments can be defined by changing the Paperclip::Attachment.default_options Hash, this can be useful for setting your default storage settings per example so you won't have to define them in every has_attached_file definition.

lib/paperclip/version.rb

@@ -1,3 +1,3 @@
 module Paperclip
-  VERSION = "3.5.3" unless defined? Paperclip::VERSION
+  VERSION = "4.0.0" unless defined? Paperclip::VERSION
 end