-
Notifications
You must be signed in to change notification settings - Fork 81
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update UglifyJS to 2.4.24 #86
Merged
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
@lautis Once this is committed, would appreciate a new release. |
Thanks for notifying, I'll merge and release a new version tomorrow when I'm back home. |
@reedloden, I've published v2.7.2 without the backwards-incompatible changes in master. |
dotemacs
pushed a commit
to hmcts/hwf-staffapp
that referenced
this pull request
Aug 27, 2015
dotemacs
pushed a commit
to hmcts/hwf-staffapp
that referenced
this pull request
Aug 28, 2015
koffeinfrei
added a commit
to metaflop/metaflop-www
that referenced
this pull request
Aug 28, 2015
mainly security update for uglifier: lautis/uglifier#86
amatriain
added a commit
to amatriain/feedbunch
that referenced
this pull request
Aug 29, 2015
fiedl
added a commit
to fiedl/your_platform
that referenced
this pull request
Aug 31, 2015
BACKDOORING VIA ERRONEOUS MINIFCATION OF BOOLEAN EXPRESSION lautis/uglifier#86 Trello: https://trello.com/c/x6w9tlVh/906-backdooring-via-erroneous-minifcation-of-boolean-expression
fiedl
added a commit
to fiedl/wingolfsplattform
that referenced
this pull request
Aug 31, 2015
BACKDOORING VIA ERRONEOUS MINIFCATION OF BOOLEAN EXPRESSION lautis/uglifier#86 YourPlatform: fiedl/your_platform@4e407e7 Trello: https://trello.com/c/x6w9tlVh/906-backdooring-via-erroneous-minifcation-of-boolean-expression
dylangrafmyre
added a commit
to shakacode/react_on_rails
that referenced
this pull request
Sep 15, 2015
Update gem uglifier to >= 2.7.2 to address security alert for affected versions prior to 2.7.2 Sources: lautis/uglifier#86 https://zyan.scripts.mit.edu/blog/backdooring-js/ https://nodesecurity.io/advisories/uglifyjs_incorrectly_handles_non-boolean_comparisons mishoo/UglifyJS#751
dzaporozhets
added a commit
to gitlabhq/gitlabhq
that referenced
this pull request
Oct 15, 2015
Update uglifier to ~> 2.7.2 Fixes a security vulnerability: - lautis/uglifier#86 - mishoo/UglifyJS#751 - https://zyan.scripts.mit.edu/blog/backdooring-js/ See merge request !1590
robbkidd
added a commit
to robbkidd/supermarket
that referenced
this pull request
Nov 2, 2015
sgerrand
pushed a commit
to sgerrand/boxen-web
that referenced
this pull request
Nov 21, 2015
Uglifier prior to version 2.7.2 has a known vulnerability: > There's a vulnerability which allows a specially crafted Javascript file to > have altered functionality after minification. This bug was demonstrated to > allow potentially malicious code to be hidden within secure code, activated by > minification. Affected versions erroneously minify boolean expressions. Sources: * lautis/uglifier#86 * https://zyan.scripts.mit.edu/blog/backdooring-js/ * https://nodesecurity.io/advisories/uglifyjs_incorrectly_handles_non-boolean_comparisons * mishoo/UglifyJS#751
sgerrand
added a commit
to sgerrand/boxen-web
that referenced
this pull request
Nov 21, 2015
Uglifier prior to version 2.7.2 has a known vulnerability: > There's a vulnerability which allows a specially crafted Javascript file to > have altered functionality after minification. This bug was demonstrated to > allow potentially malicious code to be hidden within secure code, activated by > minification. Affected versions erroneously minify boolean expressions. Sources: * lautis/uglifier#86 * https://zyan.scripts.mit.edu/blog/backdooring-js/ * https://nodesecurity.io/advisories/uglifyjs_incorrectly_handles_non-boolean_comparisons * mishoo/UglifyJS#751
mocoso
added a commit
to mocoso/film-finder
that referenced
this pull request
Nov 29, 2015
For security fixes, for more details see lautis/uglifier#86
nellshamrell
pushed a commit
to nellshamrell/supermarket
that referenced
this pull request
Dec 1, 2015
chrismear
added a commit
to chrismear/one-click-orgs
that referenced
this pull request
Dec 29, 2015
leftathome
pushed a commit
to leftathome/supermarket
that referenced
this pull request
Feb 22, 2016
fstar-dev
added a commit
to fstar-dev/react-on-rails
that referenced
this pull request
Jan 27, 2023
Update gem uglifier to >= 2.7.2 to address security alert for affected versions prior to 2.7.2 Sources: lautis/uglifier#86 https://zyan.scripts.mit.edu/blog/backdooring-js/ https://nodesecurity.io/advisories/uglifyjs_incorrectly_handles_non-boolean_comparisons mishoo/UglifyJS#751
DannyMay9082
added a commit
to DannyMay9082/react_on_rails
that referenced
this pull request
Feb 16, 2023
Update gem uglifier to >= 2.7.2 to address security alert for affected versions prior to 2.7.2 Sources: lautis/uglifier#86 https://zyan.scripts.mit.edu/blog/backdooring-js/ https://nodesecurity.io/advisories/uglifyjs_incorrectly_handles_non-boolean_comparisons mishoo/UglifyJS#751
Web-Go-To
added a commit
to Web-Go-To/react-with-rails
that referenced
this pull request
Mar 19, 2023
Update gem uglifier to >= 2.7.2 to address security alert for affected versions prior to 2.7.2 Sources: lautis/uglifier#86 https://zyan.scripts.mit.edu/blog/backdooring-js/ https://nodesecurity.io/advisories/uglifyjs_incorrectly_handles_non-boolean_comparisons mishoo/UglifyJS#751
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Needed to fix a security issue that was fixed in UglifyJS 2.4.24
mishoo/UglifyJS#751
https://zyan.scripts.mit.edu/blog/backdooring-js/