Blog

[SECURITY] Vulnerability in Dragonfly 0.9.12 (Affected Refinery Versions: > 0.9.7)

Posted on 2013-02-25.

54 seconds read.

A vulnerability allowing the possibility of remote code execution has been discovered in Dragonfly, Refinery's image and file processor.

You can read about the details here: https://groups.google.com/forum/?fromgroups=#!topic/dragonfly-users/3c3WIU3VQTo

We strongly urge all Refinery users to update their sites as soon as possible. Steps to mitigate the problem are as follows:

Run `bundle update dragonfly`.
Ensure that your application is now running Dragonfly v. 0.9.14, and that everything functions correctly.

This should work correctly across all Refinery versions.

Many thanks to Charlie Somerville for reporting the vulnerability, and many thanks to Mark Evans, author of Dragonfly, who worked tirelessly to correct the issue.

Thanks,

Rob Yurkowski
Refinery CMS Core Team

RSS Feed

Latest Posts

Refinery CMS 5.0 sneak peek
Refinery CMS 4.0.2 Released
Refinery CMS 4.0.1 Released
Refinery CMS 3.0.6 Released
Refinery CMS 4.0.0 Released with Rails 5.1 support
Use Refinery CMS as a headless API-first CMS
Refinery CMS 3.0.5 Released
5 easy steps to use Refinery CMS and Spree e-commerce on the same Ruby on Rails application
Refinery CMS 3.0.4 Released
5 things you (probably) didn’t know about Refinery CMS

[SECURITY] Vulnerability in Dragonfly 0.9.12 (Affected Refinery Versions: > 0.9.7)

RSS Feed

Categories

Tags

Latest Posts

Archives