Changelog v1.23.0 #2681

Merged
merged 4 commits into from
Dec 31, 2020

RunDevelopment
Member

No description provided.

github-actions bot commented Dec 30, 2020

No JS Changes

Generated by 🚫 dangerJS against 0cc0239

@mAAdhaTTah
Member

@RunDevelopment Oh, that reminds me: Did we include a fix for the regex we were notified about?

@RunDevelopment
Member Author

@mAAdhaTTah Now that you mention it. The fix is trivial, so I'll just make a quick PR and merge it. We can decide on a security advisory later.

@RunDevelopment
Member Author

Done. The changelog has been updated accordingly.

@RunDevelopment
Member Author

@mAAdhaTTah After this comment, I am currently implementing an improvement for the detector, so that it will check (hopefully) all of Prism's regexes. I have already found that half of Latte is unchecked due to the nature of markup templating. Other languages that use markup templating (e.g. PHP) might also be affected.

Let's please hold the release until I have verified that there are no other detectable cases of exponential backtracking in Prism's code base.

@RunDevelopment
Member Author

@mAAdhaTTah I found one more with exponential backtracking. I'll make separate PRs for the fix and the improved test suite.

@RunDevelopment
Member Author

@mAAdhaTTah I merged the fix. The PR for the improved test suite can be dealt with after the release. I think there's nothing holding up the release now.

Member

@mAAdhaTTah mAAdhaTTah left a comment

@RunDevelopment Thanks for doing this! Gonna publish this now.
