Changelog v1.23.0 #2681
@RunDevelopment Oh, that reminds me: Did we include a fix for the regex we were notified about?
@mAAdhaTTah Now that you mention it. The fix is trivial, so I'll just make a quick PR and merge it. We can decide on a security advisory later.
Done. The changelog has been updated accordingly.
@mAAdhaTTah After this comment, I am currently implementing an improvement for the detector, so that it will check (hopefully) all of Prism's regexes. I have already found that half of Latte is unchecked due to the nature of markup templating. Other languages that use markup templating (e.g. PHP) might also be affected. Let's please hold the release until I have verified that there are no other detectable cases of exponential backtracking in Prism's code base.
@mAAdhaTTah I found one more with exponential backtracking. I'll make separate PRs for the fix and the improved test suite.
@mAAdhaTTah I merged the fix. The PR for the improved test suite can be dealt with after the release. I think there's nothing holding up the release now.
@RunDevelopment Thanks for doing this! Gonna publish this now.
No description provided.