This repository has been archived by the owner on Jul 13, 2023. It is now read-only.

Github notifying us of CVE-2017-0889 for 5.2.0 #2547

Closed
zaksoup opened this issue Feb 7, 2018 · 3 comments

Comments

@zaksoup

zaksoup commented Feb 7, 2018

Hi Paperclip folks,

Github sent us an email earlier today telling us that 5.2.0 is vulnerable to CVE-2017-0889, but we believed that 5.2.0 contained the fix to CVE-2017-0889, as confirmed by the release page, the PR, and the NIST website.

We're going to upgrade to 5.2.1 to be on the safe side, but just wanted to ping y'all over here about this warning - maybe github has incorrect data?

@zaksoup and @glassresistor
Code for America

@reedloden

@mveytsman / @phillmv -- can one of you help get this fixed? Not sure what data source GitHub is using. Note that https://github.com/rubysec/ruby-advisory-db/blob/master/gems/paperclip/CVE-2017-0889.yml is correct.
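
One way to check a gem version against a ruby-advisory-db entry with RubyGems version semantics (the comparison the thread is doing by hand), as an added Ruby example that is not part of this thread or of Paperclip; the advisory text below is a constructed sample in the advisory-db format, not the real CVE-2017-0889.yml, and its ">= 5.2.0" range is an assumption that only mirrors what the thread states.

```ruby
require "yaml"
require "rubygems"

# Constructed sample in the ruby-advisory-db entry format. It is NOT the real
# gems/paperclip/CVE-2017-0889.yml; the ">= 5.2.0" patched range is an
# assumption taken from the thread (5.2.0 is said to contain the fix).
SAMPLE_ADVISORY = <<~YAML
  gem: paperclip
  cve: "2017-0889"
  title: Constructed sample advisory (assumption, not the real entry)
  patched_versions:
    - ">= 5.2.0"
YAML

# Turn one advisory-db constraint (e.g. "~> 4.3.7" or ">= 5.2.0, < 6") into a
# Gem::Requirement so the comparison uses RubyGems ordering, not string order
# ("5.10.0" must sort above "5.2.0").
def parse_constraint(constraint)
  Gem::Requirement.new(*constraint.split(",").map(&:strip))
end

# Report whether `version` of the advisory's gem is affected. A version inside
# any unaffected_versions or patched_versions range is not vulnerable; every
# other version is treated as vulnerable (the advisory-db convention).
def check_advisory(advisory_yaml, version)
  advisory   = YAML.safe_load(advisory_yaml)
  v          = Gem::Version.new(version)
  patched    = Array(advisory["patched_versions"]).map { |c| parse_constraint(c) }
  unaffected = Array(advisory["unaffected_versions"]).map { |c| parse_constraint(c) }

  if (r = unaffected.find { |req| req.satisfied_by?(v) })
    { gem: advisory["gem"], version: version, affected: false, reason: "unaffected: #{r}" }
  elsif (r = patched.find { |req| req.satisfied_by?(v) })
    { gem: advisory["gem"], version: version, affected: false, reason: "patched: #{r}" }
  else
    { gem: advisory["gem"], version: version, affected: true, reason: "no patched/unaffected range matches" }
  end
end

if __FILE__ == $PROGRAM_NAME
  %w[5.1.0 5.2.0 5.2.1 5.10.0].each do |ver|
    puts check_advisory(SAMPLE_ADVISORY, ver).inspect
  end
end
```

Pointing `SAMPLE_ADVISORY` at the actual YAML file from ruby-advisory-db gives an independent answer to compare against whatever an alerting service reports.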

@mveytsman

Thanks for the ping @reedloden.

This does indeed look like an issue with GitHub's data. I'll ping this issue again when we fix it.

@mveytsman

This should be fixed now.
