alexAubin
commented
6 months ago Hmpf I don't know if we want to address this, there seem to be a big number of "ifs", and the appropriate way to "fix" the thing (if it happened) is clearly not straightforward ... Like, maybe it's concern for shared repo somehow but that's not the topology we have here x_x
Describe the bug
Upgrade to borg >= 1.2.5 will require a specific upgrade
Context
Here is the doc about the upgrade : https://github.com/borgbackup/borg/blob/1.2.6/docs/changes.rst#pre-125-archives-spoofing-vulnerability-cve-2023-36811
I have not analyzed it deeply but it seems that the upgrade process will have to contain some intelligence to upgrade.