Remove the automatic loading of URI Adapters
Remove the URI adapters. Few people use them by default and they can allow insight into the internal networks of the server. If you want to enable them, add (for example) `Paperclip.DataUriAdapter.register` to your `config/initializers/paperclip.rb` file. This is related to CVE-2017-0889. Elsewhere fix CI: it's `s3.us-west-2` now, with a dot.
Showing
... | @@ -12,4 +12,5 @@ group :development, :test do | ... | @@ -12,4 +12,5 @@ group :development, :test do |
gem 'mime-types' | gem 'mime-types' | ||
gem 'builder' | gem 'builder' | ||
gem 'rubocop', require: false | gem 'rubocop', require: false | ||
gem 'rspec' | |||
end | end |
Please
register
or
sign in
to comment