Changelog v1.23.0 #2681

Merged
merged 4 commits into from Dec 31, 2020

Member

@RunDevelopment RunDevelopment commented Dec 30, 2020

No description provided.

@RunDevelopment RunDevelopment requested a review from mAAdhaTTah Dec 30, 2020

@github-actions github-actions bot commented Dec 30, 2020

No JS Changes

Generated by 🚫 dangerJS against 0cc0239

Member

@mAAdhaTTah mAAdhaTTah commented Dec 31, 2020

@RunDevelopment Oh, that reminds me: Did we include a fix for the regex we were notified about?

Member Author

@RunDevelopment RunDevelopment commented Dec 31, 2020

@mAAdhaTTah Now that you mention it. The fix is trivial, so I'll just make a quick PR and merge it. We can decide on a security advisory later.

Member Author

@RunDevelopment RunDevelopment commented Dec 31, 2020

Done. The changelog has been updated accordingly.

Member Author

@RunDevelopment RunDevelopment commented Dec 31, 2020

@mAAdhaTTah After this comment, I am currently implementing an improvement for the detector, so that it will check (hopefully) all of Prism's regexes. I have already found that half of Latte is unchecked due to the nature of markup templating. Other languages that use markup templating (e.g. PHP) might also be affected.

Let's please hold the release until I have verified that there are no other detectable cases of exponential backtracking in Prism's code base.

Member Author

@RunDevelopment RunDevelopment commented Dec 31, 2020

@mAAdhaTTah I found one more with exponential backtracking. I'll make separate PRs for the fix and the improved test suite.

Member Author

@RunDevelopment RunDevelopment commented Dec 31, 2020

@mAAdhaTTah I merged the fix. The PR for the improved test suite can be dealt with after the release. I think there's nothing holding up the release now.

Member

@mAAdhaTTah mAAdhaTTah left a comment

@RunDevelopment Thanks for doing this! Gonna publish this now.

@mAAdhaTTah mAAdhaTTah merged commit 5dc7b42 into master Dec 31, 2020
8 checks passed
@mAAdhaTTah mAAdhaTTah deleted the changelog/v1.23.0 branch Dec 31, 2020