Closed zhangguanzhang closed 3 months ago
To be extremely and explicitly clear, those CVEs are false positives in gosu
and should 100% be reported to your scanning tool vendor (as described in https://github.com/tianon/gosu/blob/master/SECURITY.md).
I agree that we should update gosu
to 1.17, but I very strongly disagree that these CVE fixes are a solid justification for doing so.
Update to gosu 1.17 https://github.com/tianon/gosu/releases/tag/1.17 Fixes cve