Bundles vulnerable copy of Expat - please update to 2.2.5 #405

Closed
akoeplinger opened this issue Nov 29, 2017 · 9 comments · Fixed by #1214

Comments

@akoeplinger
Member

akoeplinger commented Nov 29, 2017

Issue moved from mono/linux-packaging-skiasharp#1.

@hartwork commented:

This repository bundles an outdated vulnerable copy of Expat 2.1.0. Please update your copy to version 2.2.1 with the latest security fixes. A change log with details is available at https://github.com/libexpat/libexpat/blob/master/expat/Changes . Thank you!

VS bug #738684

@mattleibow
Contributor

According to this post, we should be selecting our own versions of the dependencies: https://groups.google.com/forum/#!topic/skia-discuss/RIPQqRjcVEE

We probably need to go through the list in https://github.com/mono/skia/blob/xamarin-mobile-bindings/DEPS and make sure we are up to date.

@spsteve10

@mattleibow Can we expect a release with an updated version of expat (i.e. 2.2.5)? What is the status? Thanks

@hartwork

hartwork commented Dec 5, 2018

(Just for completeness: There is libexpat 2.2.6 by now.)

@mattleibow
Contributor

I will see if I can get the update with the latest version of the dependencies.

@mattleibow mattleibow mentioned this issue Dec 8, 2018
@AshishMantosh

Any updates on this?

@hartwork

hartwork commented Apr 6, 2020

For the record, there is 2.2.9 by now with more security fixes in 2.2.8.

@AshishMantosh

Thanks for the response with the PR, @mattleibow. Hoping for a quick review.

@mattleibow
Contributor

Merged and will be in the next 1.68.2 preview

@hartwork

hartwork commented Apr 7, 2020

Thank you!

@mattleibow mattleibow added this to the v1.68.2 milestone Apr 29, 2020
@ghost ghost locked as resolved and limited conversation to collaborators Aug 19, 2022