From 75a68e8439b69d8309518931d9e9be01096ce25c Mon Sep 17 00:00:00 2001 From: Bertocq Date: Mon, 29 Jan 2018 11:08:46 +0100 Subject: [PATCH 1/2] Upgrade Paperclip to 5.2.1 for security reasons --- Gemfile | 2 +- Gemfile.lock | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Gemfile b/Gemfile index b2691da54..c5789447a 100644 --- a/Gemfile +++ b/Gemfile @@ -33,7 +33,7 @@ gem 'omniauth', '~> 1.8.1' gem 'omniauth-facebook', '~> 4.0.0' gem 'omniauth-google-oauth2', '~> 0.4.0' gem 'omniauth-twitter', '~> 1.4.0' -gem 'paperclip', '~> 5.1.0' +gem 'paperclip', '~> 5.2.1' gem 'paranoia', '~> 2.4.0' gem 'pg', '~> 0.21.0' gem 'pg_search', '~> 2.0.1' diff --git a/Gemfile.lock b/Gemfile.lock index 34f69bb33..15d1a5927 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -294,7 +294,7 @@ GEM omniauth-oauth (~> 1.1) rack orm_adapter (0.5.0) - paperclip (5.1.0) + paperclip (5.2.1) activemodel (>= 4.2.0) activesupport (>= 4.2.0) cocaine (~> 0.5.5) @@ -539,7 +539,7 @@ DEPENDENCIES omniauth-facebook (~> 4.0.0) omniauth-google-oauth2 (~> 0.4.0) omniauth-twitter (~> 1.4.0) - paperclip (~> 5.1.0) + paperclip (~> 5.2.1) paranoia (~> 2.4.0) pg (~> 0.21.0) pg_search (~> 2.0.1) From 4874090799255abfafc0722f686ab094581d1bbf Mon Sep 17 00:00:00 2001 From: Bertocq Date: Mon, 29 Jan 2018 11:36:22 +0100 Subject: [PATCH 2/2] Update Security section of unreleased at Changelog.md --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index a13e2bf94..09a2314d7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -50,6 +50,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0. - Fix social images meta tags https://github.com/consul/consul/pull/1124 ### Security +- Upgraded Paperclip version up to 5.2.1 to fix security problem https://github.com/consul/consul/pull/2393 ## [0.12.0](https://github.com/consul/consul/compare/v0.11...v0.12) - 2018-01-03