Easy upload management for ActiveRecord

Critical or Security advisories for 5.2.1

This version doesn't have any advisory. Want to report one?

Changelog for 5.2.1

5.2.1 (2018-01-25):

  • Bugfix: Fix copying files on Windows. (#2532)

5.2.0 (2018-01-23):

  • Security: Remove the automatic loading of URI adapters. Some of these adapters can be specially crafted to expose your network topology. (#2435)

  • Bugfix: The rake task no longer rescues Exception. (#2476)

  • Bugfix: Handle malformed Content-Disposition headers (#2283)

  • Bugfix: The :only_process option works when passed a lambda again. (#2289)

  • Improvement: Added :use_accelerate_endpoint option when using S3 to enable Amazon S3 Transfer Acceleration (#2291)

  • Improvement: Make the fingerprint digest configurable per attachment. The default remains MD5. Making this configurable means it can change in a future version because it is not considered secure anymore against intentional file corruption. For more info, see

    You can change the digest used for an attachment by adding the :adapter_options parameter to the has_attached_file options like this: has_attached_file :avatar, adapter_options: { hash_digest: Digest::SHA256 }

    Use the rake task to regenerate fingerprints with the new digest for a given class. Note that this does not check the file integrity using the old fingerprint. Run the following command to regenerate fingerprints for all User attachments: CLASS=User rake paperclip:refresh:fingerprints You can optionally limit the attachment that will be processed, e.g: CLASS=User ATTACHMENT=avatar rake paperclip:refresh:fingerprints (#2229)

  • Improvement: The new frame_index option on the thumbnail processor allows you to select a specific frame from an animated upload to use as a thumbnail. Initial support is for mkv, avi, MP4, mov, MPEG, and GIF. (#2155)

  • Improvement: Instead of copying files, use hard links. This is an optimization. (#2120)

  • Improvement: S3 storage option :s3_prefixes_in_alias. (#2287)

  • Improvement: Fog option :fog_public can be a lambda. (#2302)

  • Improvement: One fewer warning on JRuby. (#2352)

Dependencies for 5.2.1

Name Requirement Status
>= 4.2.0

>= 4.2.0

~> 0.5.5

>= 0

~> 0.3.0

My projects using paperclip

Name Locked version Requirement
You should be logged in to see which of your projects use paperclip.