Fix CVE-2014-4043 - Githubissues

SerCeMan / jnr-fuse

FUSE implementation in Java using Java Native Runtime (JNR)

MIT License

361 stars 87 forks source link

Fix CVE-2014-4043 #138

Closed overheadhunter closed 2 years ago

overheadhunter commented 2 years ago

Please update jnr-posix to ≥ 3.1.18 😉

Related: #135, #120.

SerCeMan commented 2 years ago

Hi, @overheadhunter! Thank you for reporting, I'll try to take a look over the weekend, will merge an update and will publish a new version. It seems like something happened to the Windows CI setup even though there were no code changes.

SerCeMan commented 2 years ago

Hey, @overheadhunter! I released a new version of jnr-fuse - 0.5.6 with the updated dependencies, thanks for reporting!

overheadhunter commented 2 years ago

Please reopen, we need at least version 3.1.18, but dependabot stopped with 3.1.10. I added a warning in #135 but maybe it wasn't clear enough.

overheadhunter commented 2 years ago

Wow, nevermind. Fixed in 3.1.8. My bad 🙈