-
Notifications
You must be signed in to change notification settings - Fork 274
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bundles vulnerable copy of Expat - please update to 2.2.1 #407
Comments
Thanks, I'm well aware of the release, just as I am aware of how I used Expat (not impacted, I/O internal to Poedit, communicating with a helper CLI tool). In fact, it's no longer used in v2, I just forgot to delete it — thanks for drawing my attention to it. P.S. You may want to improve your crawler to detect submodule references, like this one (upgrade pending acceptance or rejection of libexpat/libexpat#60). |
My crawler so far was plain |
Ah, I see.
That's weird, not since vslavik/winsparkle@a4abbed... |
Hi!
This repository bundles an outdated vulnerable copy of Expat 2.2.0. Please update your copy to version 2.2.1 with the latest security fixes. A change log with details is available at https://github.com/libexpat/libexpat/blob/master/expat/Changes. If you happen to run into compile errors, please check the post-2.2.1 commits in Git as well. Thank you!
Best
Sebastian
The text was updated successfully, but these errors were encountered: