egnyte / egnyte-js-sdk

Javascript SDK to work with Egnyte Public APIs

Server-Side Request Forgery in Request #33

Closed only1chi closed 2 months ago

only1chi commented 1 year ago

Summary

The Request package through 2.88.2 for Node.js allows a bypass of SSRF mitigations via an attacker-controlled server that does a cross-protocol redirect (HTTP to HTTPS, or HTTPS to HTTP). NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Please see:

Recommendation

Migrate away from request, which is now deprecated and no longer being maintained.
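An added example, not code from egnyte-js-sdk or from the request package, of the mitigation the advisory points at: follow redirects by hand and re-check protocol and host at every hop rather than trusting the client's built-in redirect handling. The allowlist, the hypothetical `doRequest` transport and the canned responses are constructed for this example.

```javascript
// Constructed allowlist of hosts the client is expected to talk to.
const ALLOWED_HOSTS = new Set(["api.example.com"]);
const MAX_REDIRECTS = 5;

// Validate one redirect hop. Returns null when the hop is acceptable,
// otherwise a short reason. The protocol comparison is what closes the
// cross-protocol bypass from the advisory: https:// -> http:// (or back)
// is never followed, even when the host stays the same.
function checkRedirectHop(fromUrl, location) {
  const from = new URL(fromUrl);
  let to;
  try {
    to = new URL(location, from); // relative Location resolves against the request URL
  } catch {
    return "unparseable Location header";
  }
  if (to.protocol !== from.protocol) {
    return `cross-protocol redirect ${from.protocol} -> ${to.protocol}`;
  }
  if (to.protocol !== "https:") {
    return `plaintext protocol ${to.protocol}`;
  }
  if (!ALLOWED_HOSTS.has(to.hostname)) {
    return `host ${to.hostname} is not allowlisted`;
  }
  return null;
}

// Follow redirects manually, re-applying the policy at every hop.
// `doRequest(url)` is a hypothetical transport returning { status, location }.
function followWithPolicy(startUrl, doRequest) {
  let current = startUrl;
  for (let hop = 0; hop <= MAX_REDIRECTS; hop++) {
    const res = doRequest(current);
    if (res.status < 300 || res.status >= 400) {
      return { ok: true, finalUrl: current, status: res.status };
    }
    const reason = checkRedirectHop(current, res.location);
    if (reason !== null) return { ok: false, at: current, reason };
    current = new URL(res.location, current).href;
  }
  return { ok: false, at: current, reason: "too many redirects" };
}

// Constructed responses standing in for a real server so the example runs offline.
const FAKE_RESPONSES = {
  "https://api.example.com/v1/old": { status: 302, location: "/v1/new" },
  "https://api.example.com/v1/new": { status: 200 },
  "https://api.example.com/v1/downgrade": { status: 302, location: "http://api.example.com/v1/new" },
  "https://api.example.com/v1/hop": { status: 302, location: "https://internal.example.net/" },
};
const fakeRequest = (url) => FAKE_RESPONSES[url] || { status: 404 };
```

Running `followWithPolicy` on the `/v1/downgrade` entry stops at the first hop with a cross-protocol reason, while the same-origin `/v1/old` redirect completes normally.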

jeffsays commented 1 year ago

bump?

jeffsays commented 2 months ago

bump @naugtur @rdziarnowski-egnyte @uhlryk @x0st @4U6U57

naugtur commented 2 months ago

Hey. Thanks for the bump. A switch to fetch is long overdue but the multipart upload in fetch is much slower, which probably means going with undici.

Anyway, I'm no longer with Egnyte and have no insights into priorities. You'd need to chat with support.

The SDK is OSS, so if the priorities set by managers at Egnyte are not in line with what you need, all I can offer is accepting a contract from you to contribute a rewrite onto the latest HTTP clients.

PINTEGNYTE commented 2 months ago

Hi @jeffsays, we're currently focusing on completion of the new egnyte-ts-sdk. I can't give you an exact date, but we'd like to wrap up the work by the end of this year. That's why we're slowly deprecating support for egnyte-js-sdk.

naugtur commented 2 months ago

💔😅