Skip to content

Commit

Permalink
doc note for CVE-2021-33564
Browse files Browse the repository at this point in the history
  • Loading branch information
@markevans
markevans committed May 26, 2021
1 parent 35e88d1 commit ec8da75
Show file tree
Hide file tree
Showing 2 changed files with 8 additions and 2 deletions.
2 changes: 1 addition & 1 deletion History.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@

## Fixes

- Better security for all job steps with parameter validations
- Better security for all job steps with parameter validations - addresses CVE-2021-33564

# 1.3.0 (2021-01-09)

Expand Down
8 changes: 7 additions & 1 deletion README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -47,7 +47,7 @@ Installation

or in your Gemfile
```ruby
gem 'dragonfly', '~> 1.2.2'
gem 'dragonfly', '~> 1.4.0'
```

Require with
Expand All @@ -72,6 +72,12 @@ See [the Add-ons wiki](http://github.com/markevans/dragonfly/wiki/Dragonfly-add-

Please feel free to contribute!!

Security notice!
=================
If you have set `verify_urls` to `false` (which is **not** recommended) then you should upgrade to version `1.4.x` for a security fix ([CVE-2021-33564](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33564).

Please feel free to contribute!!

Issues
======
Please use the <a href="http://github.com/markevans/dragonfly/issues">github issue tracker</a> if you have any issues.
Expand Down

0 comments on commit ec8da75

Please sign in to comment.