-
|
This advisory GHSA-8687-vv9j-hgph says all versions less than 5.7.5 are vulnerable, but it seems that the patch went into v4.13.21. If that's correct, how can we get the advisory updated to not flag for that version? See v4.13.21 which mentions "Backport fix for #8222". That is the issue linked to from the advisory, and it looks like the backported change is indeed the same as in v5. Thanks! |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 2 replies
-
|
@vkarpov15 it looks like you put in the fix. perhaps you would know |
Beta Was this translation helpful? Give feedback.
-
|
@d1manson I sent an email to [email protected] to see if they can update that page. What is preventing you from upgrading to 5.x? |
Beta Was this translation helpful? Give feedback.
-
|
thanks - we would like to upgrade to 5.x but we don't have quite the test coverage over all the places we use mongoose to be ready to do so. |
Beta Was this translation helpful? Give feedback.
@vkarpov15 it looks like you put in the fix. perhaps you would know
f3eca5b