"Unfortunately there is a security vulnerability in Dragonfly when used with Rails which would potentially allow an attacker to run arbitrary code on a host machine using carefully crafted requests.
The vulnerability has been assigned the CVE identifier CVE-2013-1756.
Dragonfly version 0.9.14 has been released, which fixes the vulnerability.
It is recommended that you upgrade immediately."