Please update bundled vulnerable Expat 2.2.1 to latest release >=2.4.3

the-real-blackh / hexpat

A general purpose Haskell XML library using Expat to do its parsing

BSD 3-Clause "New" or "Revised" License

2 stars 7 forks source link

Please update bundled vulnerable Expat 2.2.1 to latest release >=2.4.3 #11

Closed hartwork closed 2 years ago

hartwork commented 3 years ago

Hi!

I noticed today that the bundle of Expat here is at version 2.2.1 still. There have been multiple security fixes after that so everyone using the bundled copy is at risk, with regard to the fixed vulnerabilities. Please check the upstream change log for more details. Thank you! :pray:

Best, Sebastian

hartwork commented 3 years ago

Any thoughts?

hartwork commented 3 years ago

Any thoughts?

hartwork commented 3 years ago

Any news?

kuribas commented 3 years ago

Project is dead?

hartwork commented 2 years ago

Closing after one year to keep my https://github.com/issues page clean…