Changelog v1.23.0 #2681
Changelog v1.23.0 #2681
Conversation
|
@RunDevelopment Oh, that reminds me: Did we include a fix for the regex we were notified about? |
|
@mAAdhaTTah Now that you mention it. The fix is trivial, so I'll just make a quick PR and merge it. We can decide on a security advisory later. |
|
Done. The changelog has been updated accordingly. |
|
@mAAdhaTTah After this comment, I am currently implementing an improvement for the detector, so that it will check (hopefully) all of Prism's regexes. I have already found that half of Latte is unchecked due to the nature of markup templating. Other languages that use markup templating (e.g. PHP) might also be affected. Let's please hold the release until I have verified that there are no other detectable cases of exponential backtracking in Prism's code base. |
|
@mAAdhaTTah I found one more with exponential backtracking. I'll make separate PRs for the fix and the improved test suite. |
|
@mAAdhaTTah I merged the fix. The PR for the improved test suite and be dealt with after the release. I think there's nothing holding up the release now. |
mAAdhaTTah
left a comment
mAAdhaTTah
left a comment
There was a problem hiding this comment.
@RunDevelopment Thanks for doing this! Gonna publish this now.
No description provided.