alphagov / asset-manager

Manages uploaded assets (images, PDFs etc.) for applications on GOV.UK
https://docs.publishing.service.gov.uk/apps/asset-manager.html
MIT License

Upgrade carrierwave to mitigate CVE-2016-3714 #65

Open floehopper opened 7 years ago

floehopper commented 7 years ago

At first glance it looks as if Asset Manager is affected by the same issue as described in alphagov/whitehall#2577.

chrisroos commented 6 years ago

Carrierwave was upgraded from 0.10 to 0.11.2 in https://github.com/alphagov/asset-manager/pull/351. This appears to contain a fix for CVE-2016-3714 (see the comments in https://github.com/carrierwaveuploader/carrierwave/issues/1933), although it looks as though additional work might be involved to make use of the fix (see https://github.com/carrierwaveuploader/carrierwave/tree/0.11-stable#cve-2016-3714-imagetragick).