nuTensor: Security vulnerability

[potassiumchloride]

Hi,

recently a security vulnerability was disclosed for uBlock Origin (uBO) which also affects uMatrix (uM). It is already fixed in uBO and the uM fork for Palemoon called ηMatrix.

Given the fact that the original uM is unmaintained and @gorhill hasn't published at least a security fix only for uM at the same time as for uBO, I wonder if nuTensor might provide a security fix. Update (2021-07-19): uM also received an official emergency fix by @gorhill.

Relevant info: uBlock Origin (and uMatrix) DoS with strict-blocking filter and crafted URL

[nicolaasjan]

It is already fixed in uBO and the uM fork for Palemoon called ηMatrix.

@DrFlibble
Take a look at ηMatrix's fix in main-blocked.js.
[Edit]
Pull request ed44470 is better. :)

[nicolaasjan]

@gorhill released a new version of uMatrix with a fix for the security vulnerability:
https://github.com/gorhill/uMatrix/releases/tag/1.4.2

[potassiumchloride]

Amazing news! @gorhill, many, many, many thanks for changing your mind and releasing a new fixed version of uM! Thanks for taking care of us regular users!

[jtagcat]

@potassiumchloride this issue may be closed, as it's been fixed upstream

---

@DrFlibble please comment on your absence. At least, upstream should be tracked, (if possible, it is).

There have been small, minor improvements, though as it stands now, upstream is better-standing.

---

for changing your mind

As the repo remains archived, and as far as my common sense goes, low-quality reports, issues, are still hell. More likely, it's affection. Abandoning a thing¹ you have worked on for weeks is hard, and comes with guaranteed guilt.

¹ commonly said as 'abandoning your child', yet I refuse to compare a few-year project to lifetime children.

I'll try to refrain from further speculating, possibly imposing my speak as @gorhill's.

[khimaros]

this is the upstream fix: gorhill@30c12da