New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[bugfix] Fix for ReDOS vulnerability (see #4163) #4326

Merged
merged 3 commits into from Nov 29, 2017

Conversation

Projects
None yet
4 participants
@migg24
Contributor

migg24 commented Nov 28, 2017

Limiting regex match to 256 chars, fixing #4163.

I did not change the minified versions because I assumed that would be part of some build process and could not find anything about it in "contributing". Please advise if this has to be done manually somehow.

@jsf-clabot

This comment has been minimized.

jsf-clabot commented Nov 28, 2017

CLA assistant check
All committers have signed the CLA.

@migg24 migg24 changed the title from Fix for ReDOS vulnerability to [bugfix] Fix for ReDOS vulnerability Nov 28, 2017

@icambron

This comment has been minimized.

Member

icambron commented Nov 29, 2017

This seems reasonable to me. @ichernev / @marwahaha can we get this one in?

@marwahaha marwahaha changed the title from [bugfix] Fix for ReDOS vulnerability to [bugfix] Fix for ReDOS vulnerability (see #4163) Nov 29, 2017

@marwahaha marwahaha merged commit 69ed9d4 into moment:develop Nov 29, 2017

3 checks passed

Title Your title looks great!
continuous-integration/travis-ci/pr The Travis CI build passed
Details
licence/cla Contributor License Agreement is signed.
Details
@migg24

This comment has been minimized.

Contributor

migg24 commented Nov 29, 2017

Thx for merging!

@jc1arke jc1arke referenced this pull request Nov 30, 2017

Merged

Update moment.js version #300

cerinman added a commit to mxenabled/mx-react-components that referenced this pull request Aug 6, 2018

cerinman added a commit to mxenabled/mx-react-components that referenced this pull request Aug 7, 2018

Update moment to fix vulnerability (#774)
* Update moment to fix vulnerability

moment/moment#4326

* unlock moment

The bug that caused us to lock it down has been resolved.

moment/moment#4216
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment