You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Pageflow 13 circumvents the issue by upgrading to Paperclip 6 which no longer registers the problematic HttpUrlProxyAdapter. Pageflow 13 still requires the UriAdapter, which is also disabled by default since Paperclip 5.2. But since Pageflow does not pass unvalidated Uri objects to Paperclip attachment, this should be ok.
Since no fixed 4.x version of Paperclip is available, there is no way to for Pageflow 12.x to be updated without including breaking changes of Paperclip 5. A monkeypatch to disable io adapters in Paperclip 4 can be found in this blog post
For pageflow (12.4.0) there is a explicit dependency for paperclip 4.2.4 which recently disclosed CVE-2017-0889:
thoughtbot/paperclip#2530 (comment)
Does this affect pageflow?
The text was updated successfully, but these errors were encountered: