Closed bmacnaughton closed 5 years ago
jsdoc2md is a command-line tool, not a public-facing always-on service exposed to potential attack. Security advisories do not apply.
Reinstall your jsdoc2md to pick up all the latest module versions, including the latest handlebars.
I appreciate the quick response; it's far better than most. It wasn't clear from the security advisory that a site displaying jsdoc-rendered markdown had no issues; maybe it should have been.
I had installed the latest release before filing this.
It seems that handlebars has yet another security issue reported Dec 28th, 2018 and published Feb 14th, 2019.
Only requires a patch bump.
advisory