Skip to content

v12.0.1

Choose a tag to compare

View all tags
@zaggino zaggino released this 03 Mar 13:05
v12.0.1
370f0f7
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

12.0.1 (2026-03-03)

Bug Fixes

  • clamp asyncTimeout to prevent resource exhaustion (CWE-400) (#370) (ffd31ed)
  • code scanning alert no. 15: Inefficient regular expression (#368) (4d54149)
  • enforce max pattern length in compileSchemaRegex to mitigate regex injection (CWE-95) (c6e1be4)
  • js/path-injection alerts (#372) (6a3c774)
  • js/resource-exhaustion, CWE-400 (2801b49)
  • polynomial regular expression used on uncontrolled data (#371) (007cf85)
  • prevent prototype-polluting assignments in schema compiler (CWE-1321) (f4f2735)
  • validate URLs before fetching remote schemas in CLI to prevent SSRF (CWE-918) (75c161e)
  • workflow permissions (cd85523)
Assets 2
Loading