Contains vulnerable copy of Expat - please update to 2.2.5 #2
Comments
Any news or issues with updating?
Well I don't have any time until mid August, so if nobody else does it first I will do it then. The coapp bits need some adjusting to work with the updated source.
FYI Expat 2.2.4 has just been released. It would be cool to have it updated. PS: The list of authors could use an update as well (compare with upstream author list).
Ok I think I'm done, I can't upload the NuGet packages as I don't have permission - but they are available at https://www.myget.org/F/raggles/api/v2 if somebody wants to test them.
Commit b965711 seems to be post-2.2.4 but even better: it includes Windows fixes.
How do we continue?
@virmitio or @fearthecowboy control the Nuget side of things I think, but as far as I know the coapp project is dead so not sure if you will get much traction there. You could ask them if they can add you as a package owner or to transfer ownership.
I see. I cannot take it over myself, I haven't touched real Windows in years.
I'm afraid that @fearthecowboy is the only one who may be able to hand off package ownership. I only had an api key for uploading as the group, and that was on a machine that died without recovery a year and change ago. If there's someone who has the time and genuine interest in updating and maintaining the various packages, I'll happily prod @fearthecowboy to "gift" such ownership. The best alternative I can offer in the meantime would be to push the packages up to the feed under a revised name with similar tags so others can find the more current release.
I'd be willing to put some time into this (and have off and on over the past years, for the packages I have access to), but I don't want it to be just me.
Any news?
Any news? There is Expat 2.2.6 now.
Hi!
This repository contains an outdated vulnerable copy of Expat 2.1.0. Please update your copy to version 2.2.4 with the latest security fixes. A change log with details is available at https://github.com/libexpat/libexpat/blob/master/expat/Changes. If you happen to run into compile errors, please check post-2.2.2 commits in Git as well. Thank you!
PS: Are you going to update NuGet as well? Else, who should I contact?
Best
Sebastian