Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Please include CVE-2021-26911 fix in an "official" release/tag #1985

Open
WhyWake opened this issue Aug 8, 2023 · 0 comments
Open

Please include CVE-2021-26911 fix in an "official" release/tag #1985

WhyWake opened this issue Aug 8, 2023 · 0 comments

Comments

@WhyWake
Copy link

WhyWake commented Aug 8, 2023

Hello,
First off, thanks for working on the mailcore2 library, and making it available for everyone to use!

I see mailcore2 previously had vulnerability CVE-2021-26911, which has since been fixed: #1903. However, this is not yet part of any official release from mailcore2. The latest release 0.6.4 was before this fix, so doesn't contain it.

Could you please push out a release that does contain this fix?

We can of course download the current code from master, but this is non-ideal from a version-tracking point of view. i.e., master changes with time, and we cannot authoritatively know which version of the library we are using.

Thanks
-Vivek

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant