There is a security issue in the semver < 4.3.2

elastic / libesvm

A library for managing instances of Elasticsearch

7 stars 14 forks source link

There is a security issue in the semver < 4.3.2 #21

Closed kolarski closed 9 years ago

kolarski commented 9 years ago

There is security bug in semver < 4.3.2 (https://nodesecurity.io/advisories/semver_redos) So updating semver to the latest version removed this security bug in libesvm as well.

spalger commented 9 years ago

Looks like the only non-security related changes to semver are related to version ranges, which shouldn't cause a functional break in libesvm but I'm going to do a major version bump just to be sure.