Skip to content

2.0.3

Latest
Latest
Compare
Choose a tag to compare
@MSNev MSNev released this 12 Jan 23:30
· 6 commits to main since this release
2.0.3
4c71cef
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

Blocks a medium level prototype pollution vulnerability.

Changes

  • #81 [Main] Task 26377610: [DynamicProto] Investigate possible security issue with prototype pollution
    • This removes the identified methods for polluting the prototype chain by
      • adding additional checks to the _isDynamicCandidate() and _populateProtype() functions.
      • Using Object.create(null) for internal objects to avoid prototype pollution.

What's Changed

  • [Main] Task 26377610: [DynamicProto] Investigate possible security issue with prototype pollution by @MSNev in #81
  • [Main] [Release] Increase version to 2.0.3 by @MSNev in #83

Full Changelog: 2.0.2...2.0.3

Contributors

MSNev
Assets 2
Loading