v1.1.2 — GHSA IDs published

@anzory anzory released this 20 Apr 22:54
· 16 commits to master since this release

ℹ️ Docs-only release. Extension behavior is identical to v1.1.0/v1.1.1.

Documentation

  • SECURITY.md now links to the two published GitHub Security Advisories:
    • GHSA-92vg-f4fq-fxm9 — XXE + billion-laughs DoS in .vmid parser (High; affected 1.0.0, 1.0.1; fixed in 1.0.2).
    • GHSA-xvpx-9p39-g62m — Path traversal in inc directive, enables file probing and NTLM leak over UNC (High; affected 0.7.0–1.0.1; fixed in 1.0.2).
  • CVE IDs for both advisories have been requested via the GitHub CNA
    and will be attached to the advisories in 1–3 business days.
  • If you are still on v1.0.0 or v1.0.1 — please upgrade to v1.1.2 immediately. VS Code auto-update normally handles this after a window reload.

No code changes

237 tests green (unchanged from v1.1.0).

Full changelog: CHANGELOG.md