I've updated it to use 0.13.0 but that introduced an error in spec/requests/magickly_app_spec.rb:114 where the get would request "src/http%3A%2F%2Fwww.foo.com%2Fimagemagick.png/resize/100x" but app.rb would receive "src/http%3A/www.foo.com/imagemagick.png/resize/100x".
The current version of Magickly uses Httparty 0.8.3 which is vulnerable to this CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-1802
I've updated it to use 0.13.0 but that introduced an error in spec/requests/magickly_app_spec.rb:114 where the get would request "src/http%3A%2F%2Fwww.foo.com%2Fimagemagick.png/resize/100x" but app.rb would receive "src/http%3A/www.foo.com/imagemagick.png/resize/100x".
Adding
set :protection, :except => :path_traversal
fixes this issue. The solution came from here: https://github.com/sinatra/sinatra/issues/808Let me know if I need to do anything else. Thank you for your work on this gem!