Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Backport vuln fix to major version 3 #256

Closed
wants to merge 2 commits into from
Closed

Backport vuln fix to major version 3 #256

wants to merge 2 commits into from

Conversation

Blackbaud-ShaydeNofziger
Copy link

@Blackbaud-ShaydeNofziger Blackbaud-ShaydeNofziger commented May 2, 2019
edited
Loading

Cherry-picked the patch commit that resolved the Open Redirect vulnerability announced.

@thornjad thornjad mentioned this pull request May 2, 2019
Open
@Blackbaud-ShaydeNofziger
Copy link
Author

Obviously can't merge to master - we'd need a different target branch to release this through.

@thornjad
Copy link
Contributor

thornjad commented May 2, 2019

@jfhbrook could make a v3 branch or something like that

This was referenced May 2, 2019
Closed
Merged
Merged
Closed
Closed
@Blackbaud-ShaydeNofziger
Copy link
Author

@jfhbrook when you are able, could you please make a new branch, v3 or similar based off of the b1ad801 3.3.1 release commit?

@thornjad thornjad mentioned this pull request May 2, 2019
Closed
@BigBlueHat BigBlueHat mentioned this pull request May 2, 2019
Closed
@samhstn samhstn mentioned this pull request May 2, 2019
Closed
@bahmutov bahmutov mentioned this pull request May 2, 2019
Merged
3 tasks
@chase-moskal
Copy link

chase-moskal commented May 2, 2019
edited
Loading

instead of waiting around, i suppose there's no harm in anybody temporarily publishing ecstatic-fix-830@3.0.1-fixed.1 or something like that, straight from this forked pr branch, if distributing the fix rapidly was desirable

This was referenced May 2, 2019
Merged
Merged
Closed
@jfhbrook
Copy link
Owner

jfhbrook commented May 2, 2019

I can push this out tomorrow morning.

pancelor added a commit to pancelor/sokosoko that referenced this pull request May 3, 2019
@pancelor
add local server stuff to avoid CORS bullshit
909909b 
edit: ooooof it's slow

I'd like to switch to npm's http-server:
  https://stackoverflow.com/questions/12905426/what-is-a-faster-alternative-to-pythons-http-server-or-simplehttpserver
  https://www.npmjs.com/package/http-server
but there's a dep error right now b/c of a security thing with a dep.
See also
  http-party/http-server#521
  jfhbrook/node-ecstatic#256 (comment)
@christophercr christophercr mentioned this pull request May 3, 2019
Merged
@jfhbrook
Copy link
Owner

jfhbrook commented May 3, 2019

Rather than trying to pull down this branch I just replayed your steps. The result is published as 3.3.2. Cheers!

@jfhbrook jfhbrook closed this May 3, 2019
@Blackbaud-ShaydeNofziger
Copy link
Author

@jfhbrook Awesome, thanks bud!

@Robdel12 Robdel12 mentioned this pull request May 3, 2019
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@thornjad thornjad thornjad approved these changes

@skalyanmoguloju skalyanmoguloju skalyanmoguloju approved these changes

@BigBlueHat BigBlueHat BigBlueHat approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@Blackbaud-ShaydeNofziger @thornjad @chase-moskal @jfhbrook @BigBlueHat @skalyanmoguloju