CocoaPods / Xcodeproj

Create and modify Xcode projects from Ruby.
http://rubygems.org/gems/xcodeproj
MIT License

Update REXML to 3.3.6 or later to fix DOS vulnerability #957

ls-philippe-casgrain closed 1 month ago

ls-philippe-casgrain commented 2 months ago

I know it was just updated to 3.3.2, but there's a new vulnerability that is fixed in 3.3.6 or later: https://www.ruby-lang.org/en/news/2024/08/22/dos-rexml-cve-2024-43398/

Since Fastlane depends on this gem, a new release would be appreciated.

setoelkahfi commented 2 months ago

I just found out about this warning today. We could increase the version span here.

mjoe23 commented 1 month ago

@amorde Can we get another vulnerability fix out for this? Thanks!

amorde commented 1 month ago

Released 1.25.1
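
A check for the situation discussed in this thread, as an added example that is not part of the thread or of Xcodeproj's code: it reads a `Gemfile.lock`, reports whether the resolved `rexml` is at least 3.3.6, and lists the gems whose `rexml` constraint (the "version span") does not admit that version. The lockfile contents, the gem names `examplegem` and `othergem`, and the helper `audit_rexml` are constructed for illustration.

```ruby
require "rubygems"

# Minimum REXML version named in the issue as carrying the fix.
FIXED_REXML = Gem::Version.new("3.3.6")

# Constructed sample lockfile; "examplegem", "othergem" and all versions are hypothetical.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      examplegem (1.0.0)
        rexml (>= 3.3.2, < 3.3.6)
      othergem (2.1.0)
        rexml (>= 3.2)
      rexml (3.3.5)

  DEPENDENCIES
    examplegem
    othergem
LOCK

# Returns the resolved rexml version, whether it meets the fixed version, and
# the gems whose declared rexml constraint excludes the fixed version.
def audit_rexml(lock_text)
  resolved = nil
  blockers = []
  current = nil
  lock_text.each_line do |line|
    case line
    when /\A {4}(\S+) \(([^)]+)\)\s*\z/        # resolved gem (4-space indent)
      current = $1
      resolved = Gem::Version.new($2) if current == "rexml"
    when /\A {6}rexml(?: \(([^)]+)\))?\s*\z/   # dependency on rexml (6-space indent)
      req = Gem::Requirement.new(*($1 || ">= 0").split(/,\s*/))
      blockers << current unless req.satisfied_by?(FIXED_REXML)
    end
  end
  { resolved: resolved, patched: !resolved.nil? && resolved >= FIXED_REXML, blockers: blockers }
end

result = audit_rexml(SAMPLE_LOCK)
puts "rexml #{result[:resolved]} patched=#{result[:patched]} blocked by: #{result[:blockers].join(', ')}"
```

To audit a real project, pass `File.read("Gemfile.lock")` instead of the sample; a non-empty `blockers` list means those gems need a release with a wider constraint before `bundle update rexml` can reach the fixed version.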