backdrop-contrib / feeds_jsonpath_parser

Feeds JSONPath Parser
GNU General Public License v2.0

Security issue with dependency. #1

Closed generalredneck closed 3 years ago

generalredneck commented 4 years ago

See https://www.drupal.org/sa-contrib-2019-083. It's an arbitrary code execution bug.

herbdool commented 4 years ago

I've added a commit in a branch: https://github.com/backdrop-contrib/feeds_jsonpath_parser/commit/7de7c78b782afc069c1b9cfa7c6c067e53f6f1ae. I might just merge it. Since usage is really low, we can err on the side of getting the security fix in first and then fix issues later.

-- PS I'm part of Bug Squad.