JLine 4.3.1 is a security patch release addressing ReDoS vulnerabilities.
🔒 Security Fixes
- fix: guard regex matching against catastrophic backtracking (ReDoS) (#2012) @gnodet
  - Adds `SafeRegex` utility with `TimeoutCharSequence` to enforce wall-clock deadlines during regex matching
  - Fixes 8 locations across `terminal`, `reader`, and `builtins` where user-controlled input could trigger catastrophic backtracking
  - Addresses GHSA-r2xf-8xr9-62gw, GHSA-2v9w-34q6-wpqx, GHSA-ph9c-7hw9-vhhw, GHSA-5q95-hrpc-m3w3
🐛 Bug Fixes
- fix: warn on insecure permissions when history file created concurrently (#2013) @gnodet
- fix: add synchronized to `fillInStackTrace` override (#2019) @gnodet
Full Changelog: 4.3.0...4.3.1