Upgrade xz to 5.4.1 - Githubissues

alexcrichton / xz2-rs

Bindings to liblzma in Rust (xz streams in Rust)

Apache License 2.0

81 stars 52 forks source link

Upgrade xz to 5.4.1 #108

Closed NobodyXu closed 5 months ago

NobodyXu commented 1 year ago

Signed-off-by: Jiahao XU Jiahao_XU@outlook.com

dragonmaus commented 5 months ago

From what I can tell, the malicious actor started contributing to XZ back in 2020.

5.2.5 looks like the last stable version before that point, so it might be worth holding off on any updates until some clarity is brought to the whole situation.

NobodyXu commented 5 months ago

Agreed, closing the PR for now.