We had the issue, that a VCR spec failed, after updating CarrierWave from version 0.11.0 to 1.3.2.
In this version, CarrierWave uses the gem SsrfFilter, which retrieves the IP addresses for the given hostname and replaces the hostname in the requested url with one of them.

Rails Long Term Support

Rails LTS provides security patches for old versions of Ruby on Rails (2.3, 3.2, 4.2 and 5.2)

• Prevents you from data breaches and liability risks
• Upgrade at your own pace
• Works with modern Rubies

Read more Show archive.org snapshot

It works with IPv4 addresses, but not with IPv6 addresses, because WebMock cannot handle those correctly Show archive.org snapshot :

uri = "#{protocol}://#{net_http.address}:#{net_http.port}#{path}"

There must be square brackets around the IPv6 address, to separate it from the port, like http://[2606:4700:3035::6815:4061]:80/Content/Test/example.jpg, which WebMock does not consider.

It leads to the following errors (which are rescued in the CarrierWave code):

• Invalid port number: \"b4ea\" for an address like 2606:4700:3033:0000:0000:0000:ac43:b4ea
• bad URI(is not URI?): http://2606:4700:3035::6815:4061/Content/Test/example.jpg

There is already an issue on GitHub Show archive.org snapshot , where we offered a patch.

The fix was applied in version 3.12.1 Show archive.org snapshot .