search

casbin / lua-casbin

An authorization library that supports access control models like ACL, RBAC, ABAC in Lua (Kong, APISIX, OpenResty)
Apache License 2.0
53 stars 17 forks source link

Update the dependency library rex_pcre to rex_pcre2 #156

Open andrew99-lab opened 1 month ago

andrew99-lab commented 1 month ago

rex_pcre depends on pcre-v1 (v8.45), which was released in 1997 and has now stopped supporting and maintaining. For security and software update support considerations, is it a feasible measure to upgrade the rex_pcre that lua-casbin depends on to rex_pre2?

local rex = require ("rex_pcre")
local posix = require("posix.fnmatch")

The official pcre document clearly states(https://www.pcre.org/):

Versions
There are two major versions of the PCRE library. The current version, PCRE2, [released in 2015,](https://lists.exim.org/lurker/message/20150105.162835.0666407a.en.html) is now at version 10.39.

The older, but still widely deployed PCRE library, originally released in 1997, is at version 8.45. This version of PCRE is now at end of life, and is no longer being actively maintained. Version 8.45 is expected to be the final release of the older PCRE library, and new projects should use PCRE2 instead.
casbin-bot commented 1 month ago

@Edmond-J-A @rushitote @techoner

hsluoyz commented 1 month ago

@andrew99-lab hi, can you make a PR?