Skip to content

v0.2.1

Choose a tag to compare

View all tags
@ayuhito ayuhito released this 25 Sep 14:17
· 130 commits to main since this release
v0.2.1
0dd3d52
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Bug Fixes and Improvements

🛡️ This release focuses on security and involved going through node-tar and tar-fs's past CVEs and issues, and validating if they can be replicated with modern-tar.

  • fix(fs): unpack traversal and symlink cache poisoning by @ayuhito in #10
  • fix(fs): normalize unicode paths to prevent cache poisoning by @ayuhito in #11
  • fix(fs): add max depth validation by @ayuhito in #12
  • fix(strip): handle absolute symlinks by @ayuhito in #13
  • docs: readme bad indenting by @ayuhito in #14
  • ci: add auto bump release script by @ayuhito in #15
  • ci(release): switch to main branch before committing by @ayuhito in #16

Full Changelog: v0.2.0...v0.2.1

Contributors

ayuhito
Assets 2
Loading