Skip to content

v3.2.1

Compare
Choose a tag to compare
@athre0z athre0z released this 08 Nov 21:33
· 236 commits to master since this release

Detailed changelog (since v3.2.0)

This is a security update.

Formatter

  • CVE-2021-41253: Fixed a bug where an internal formatter structure wasn't properly initialized.
    • For users that extend the formatter via the formatter hook mechanism and use the string functions provided in zycore to append untrusted data to the formatter buffer, this can result in heap memory corruption. If you don't extend the formatter, this bug doesn't affect you.
    • For more details, please consult our security advisory.
    • Thanks to @geeknik who found this issues during fuzzing, providing us with a test case for reproducing it!

This version is both API and ABI compatible with v3.2.0.