Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

blog: path validation vulnerability blog #1379

Closed
wants to merge 3 commits into from
Closed

blog: path validation vulnerability blog #1379

wants to merge 3 commits into from

Conversation

mhdawson
Copy link
Member

No description provided.

@mhdawson
Copy link
Member Author

@nodejs/website please take a look, would like to land soon.

lpinca
lpinca reviewed Sep 27, 2017
View reviewed changes
locale/en/blog/vulnerability/september-2017-path-validation.md Outdated
Subscribe to the low-volume announcement-only nodejs-sec mailing list at
https://groups.google.com/forum/#!forum/nodejs-sec to stay up to date
on security vulnerabilities and security-related releases of Node.js
th Validation Vunerabilityand the projects maintained in the nodejs GitHub organisation.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

s/th Validation Vunerability//

@lpinca
Copy link
Member

lpinca commented Sep 27, 2017

It might make sense to also update this

nodejs.org/build.js

Line 287 in 267cd83

content: 'Important <a href="https://nodejs.org/en/blog/vulnerability/july-2017-security-releases/">security releases</a>, please update now!'
accordingly.

@mhdawson
Copy link
Member Author

Pushed changes to address comments

@mhdawson
Copy link
Member Author

@lpinca thanks for catching those issues.

silverwind
silverwind approved these changes Sep 27, 2017
View reviewed changes
Copy link
Contributor

@silverwind silverwind left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM with typo fixed

locale/en/blog/vulnerability/september-2017-path-validation.md Outdated
layout: blog-post.hbs
author: Michael Dawson
---
# Path Validation Vunerability
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Vulnerability

Trott
Trott reviewed Sep 27, 2017
View reviewed changes
locale/en/blog/vulnerability/september-2017-path-validation.md Outdated
---
# Path Validation Vunerability

The Node.js project released a new versions of 8.x this week which incorporates
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

new versions -> new version

lpinca
lpinca approved these changes Sep 27, 2017
View reviewed changes
Copy link
Member

@lpinca lpinca left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM with typos fixed.

cjihrig
cjihrig approved these changes Sep 27, 2017
View reviewed changes
Copy link
Contributor

@cjihrig cjihrig left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM with typos addressed.

@mhdawson
Copy link
Member Author

pushed fixes, will land

mhdawson added a commit that referenced this pull request Sep 27, 2017
@mhdawson
blog: path validation vulnerability blog
ba71526 
PR-URL: #1379
Reviewed-By: Roman Reiss <me@silverwind.io>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
@mhdawson
Copy link
Member Author

Landed as ba71526

@mhdawson mhdawson closed this Sep 27, 2017
@refack
Copy link
Contributor

refack commented Sep 27, 2017

As a postscript, since there are two people "implicated" with the issue this post is in reference to:
image
IMHO it would have been courteous to @-mention them during this review and before this went public.
Not a big deal, but like they say "finding out by reading about it in the paper is not the best feeling in the world"

@mhdawson
Copy link
Member Author

@refack will keep that in mind. It might make sense to PR some guidance into: https://github.com/nodejs/security-wg/blob/master/processes/security_annoucement_process.md

@refack refack mentioned this pull request Sep 28, 2017
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Trott Trott Trott left review comments

@cjihrig cjihrig cjihrig approved these changes

@lpinca lpinca lpinca approved these changes

@silverwind silverwind silverwind approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@mhdawson @lpinca @refack @silverwind @Trott @cjihrig