Skip to content

v0.3.1 Hotfix
Compare
Choose a tag to compare
@DmitrySharabin DmitrySharabin released this 28 Jun 21:25
v0.3.1
3fa548f
This commit was signed with the committer’s verified signature.
DmitrySharabin Dmitry Sharabin
GPG key ID: A98FBC4BE221273B
Learn about vigilant mode.

What's Changed

We removed polyfill.io, a third-party service that has been recently compromised to serve malware. For more details, see: https://dev.to/snyk/polyfill-supply-chain-attack-embeds-malware-in-javascript-cdn-assets-55d6.

If you are unable to upgrade to v0.3.1, the good news is that Mavo only used this service for features that are currently supported everywhere, and any requests to it were gated behind our own local feature testing, so the impact should be minimal.

Assets 2