ImageMagick vulnerability does not affect Paperclip

UPDATE: Paperclip IS vulnerable to ImageTragick Vulnerability CVE-2016–3714 in ImageMagick was disclosed yesterday. One of the vulnerabilities can lead to remote code execution (RCE) when processing user submitted images. See ImageMagick’s disclosure. See related paperclip issue. Updates and proof of concept will be available in imagetragick.com. The Paperclip gem makes use of ImageMagick. It veri

[tadyjp]

画像変換のPaperclip gemはv4.3からImageTragickの脆弱性が回避されている > “Paperclip versions 4.2.2 and newer don’t have known vulnerabilities (versions earlier than 4.2.2 are vulnerable to CVE-2015-2963). There is no need to upgrade Paperclip in light of CVE-2016–3714.”