sbt / zinc

Scala incremental compiler library, used by sbt and other build tools
Apache License 2.0

release 1.9.6 version to fix CVE #1325

Closed rhuddleston closed 10 months ago

rhuddleston commented 10 months ago

Can you cut a 1.9.6 version soon for this commit? https://github.com/sbt/zinc/commit/9e22d6ca224bc9c351669a84539a3cb3df78691a

This would fix https://nvd.nist.gov/vuln/detail/CVE-2023-46122

Thank you.

eed3si9n commented 10 months ago

I didn't think we called the affected function from Zinc. I guess we can backport and release regardless.

eed3si9n commented 10 months ago

Fixed in https://github.com/sbt/zinc/releases/tag/v1.9.6

rhuddleston commented 9 months ago

Thanks!