Closed lafirest closed 1 year ago
or is it really necessary to commit a rebar3 binary in git repo at all?
Embedded rebar3 is normally only used for the CI normally. The issue is that new rebar3 bin doesn't support all versions of erlang. It's planned to update it for the newt release.
Can anyone point me to the commit that fixed this "issue" in rebar3 ?
not needed anymore : bbe73c85012b8862786b0a9e28a10ea6a9a9003d
Rebar3 versions 3.0.0-beta.3 to 3.13.2 are vulnerable to OS command injection via URL parameter of dependency specification(CVE-2020-13802)