Thanks, so a597870 was only included in 10.0.0 (no released Debian versions are affected, just unstable).
Could we do a 10.0.2 release with just this cherry-picked? I note that even library.kiwix.org is vulnerable to this. Or if 10.1.0 is coming pretty soon then waiting wouldn't be too bad.
And we should also get a CVE ID assigned for this vulnerability, @kelson42 if you haven't gone through this process before I'm happy to help out.
I also believe we should not wait to much to make the release of 10.1.0.
Secure the CI is green on git master
Kiwix-Build is OK
Update the Changelog
Update version
Close current milestone and create new one incrementaly (a priori a minor version)
Following remark from @legoktm at #721 (comment)
Thanks, so a597870 was only included in 10.0.0 (no released Debian versions are affected, just unstable).
Could we do a 10.0.2 release with just this cherry-picked? I note that even library.kiwix.org is vulnerable to this. Or if 10.1.0 is coming pretty soon then waiting wouldn't be too bad.
And we should also get a CVE ID assigned for this vulnerability, @kelson42 if you haven't gone through this process before I'm happy to help out.
I also believe we should not wait to much to make the release of 10.1.0.
masterThe text was updated successfully, but these errors were encountered: