Skip to content

Commit

Permalink
Release v27
Browse files Browse the repository at this point in the history
  • Loading branch information
rickynils committed Mar 15, 2024
1 parent 123ee16 commit d02dd28
Showing 1 changed file with 20 additions and 4 deletions.
24 changes: 20 additions & 4 deletions RELEASE
Original file line number Diff line number Diff line change
@@ -1,9 +1,25 @@
v26
v27

## Security Notice

This release (and previous releases) includes Nix versions that are vulnerable to [CVE-2024-27297](https://www.cve.org/CVERecord?id=CVE-2024-27297). The current default Nix version, 2.19.3, is not vulnerable. If you select another Nix version you should use your own judgement to decide if CVE-2024-27297 is applicable to your usage of Nix in your GitHub Actions workflow.

The following Nix versions that are packaged with this action are **not** vulnerable:

* 2.19.3 (the default version)
* 2.18.1
* 2.3.17

The above versions have been explicitly patched by the `nixpkgs` maintainers.

The rest of the Nix versions provided by this action **are vulnerable** to CVE-2024-27297.

In the next release of this action (v28), all vulnerable Nix versions will be removed.

## Changes

* Fix loading of `nixConfig` from `flake.nix`. If you had no `flake.nix` file in your repository, you would get an error when using `nix-quick-install-action`. This was reported in [#35](https://github.com/nixbuild/nix-quick-install-action/issues/35).
* Bump minor Nix versions: 2.3.16 -> 2.3.17

* Bump minor Nix versions: 2.13.3 -> 2.13.6, 2.15.1 -> 2.15.3, 2.16.1 -> 2.16.2
* Add Nix versions: 2.17.1, 2.18.1, 2.19.3

* Bump default Nix version: 2.16.1 -> 2.16.2
* Bump default Nix version: 2.16.2 -> 2.19.3

0 comments on commit d02dd28

Please sign in to comment.