Two days ago we announced that paperclip was not affected by the ImageTragick vulnerability. Since then we learned that paperclip is affected by the ImageTragick vulnerability, and users of paperclip should upgrade to ImageMagick 7.0.1-1 or newer, which includes the fix. Another workaround is to edit the policy to disable the vulnerable ImageMagick coders.
If you deploy to Heroku’s Cedar-14 stack (check with the
command), you are already