Recent RustFS RPC Vulnerability not just limited to alpha.77?

[smiba]

Hi,

In the recently published GHSA-h956-rh7x-ppgj the affected version(s) are listed simply as "alpha.77"

However, the PR that I believe introduced this vulnerability seems to be #163, which has been included in alpha.13

Can it be confirmed (and updated) that version alpha.13 to alpha.77 is affected, or otherwise confirmed the bug does in fact only affect alpha.77?

If the bug does (as upon quick glance I think it is) affect versions as early as alpha.13 it's important to update the report. This otherwise may not alert users that their version is also affected and that they should upgrade asap.

Thanks.

[loverustfs]

Hello @smiba ,

Affects all versions prior to alpha.77, please upgrade to the latest version.

[smiba]

感谢更新 GHSA
Thanks for updating the GHSA

I think alpha.13 - alpha.77 might be more accurate, but this is already a lot better and does convey the urgency for older versions too

[loverustfs]

Okay, we'll make the changes right away. Thanks to the global security team.
Their security audits make RustFS increasingly secure!