The 'paperclip' gem has security vulnerabilities and should be updated

[zjullion]

Version 5.1.0 of paperclip has a security vulnerability: thoughtbot/paperclip#2435

You should update to 5.2.0 as soon as possible.

[bbonislawski]

Thanks for reporting, but this issue is already fixed with 0131a7e . Please consider verifying issues like that before you post anything since it wastes our time to check issues like that.

[vernondegoede]

The latest version which is available on Rubygems is 3.4.4. This version still has paperclip 4.1.0 as a dependency.

Can you publish a 3.4.5 version which uses paperclip 5.2.0?

[damianlegawiec]

Hey @vernondegoede 3.4.4 uses paperclip 5.1.0 but we'll release 3.4.5 with paperclip 5.2.0today :)

[vernondegoede]

Great! Thanks @damianlegawiec

[vernondegoede]

@bbonislawski @damianlegawiec Any update on this issue? Anything I can do to help?

[damianlegawiec]

@vernondegoede both 3.3.5 and 3.4.5 containing the fix were pushed to RubyGems yesterday - sorry for the late update!

https://github.com/spree/spree/releases/tag/v3.3.5
https://github.com/spree/spree/releases/tag/v3.4.5