toy / dump

Rails app rake and capistrano tasks to create and restore dumps of database and assets
MIT License

Archive-Tar-Minitar runtime dependency version locked #22

Closed x-volodymyr closed 4 years ago

x-volodymyr commented 4 years ago

Name: archive-tar-minitar
Version: 0.5.2
Advisory: CVE-2016-10173
Criticality: Unknown
URL: https://github.com/atoulme/minitar/issues/5
Title: Archive-Tar-Minitar Directory Traversal Vulnerability
Solution: upgrade to >= 0.6.0

Is it possible to change the runtime dependency Archive-Tar-Minitar to 0.6.0 or higher?
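The advisory above concerns a directory traversal in tar extraction: an archive entry whose name contains `..` components or an absolute path can be written outside the directory the caller intended to restore into. The following is an added example of the kind of path check an extractor should apply before writing any entry; it is not code from the dump gem or from minitar and uses no minitar API, only plain Ruby path normalization. The destination directory and the entry names are constructed sample values.

```ruby
# Resolve a tar entry name against the extraction directory and refuse any
# entry that would land outside it. Returns the absolute target path, or nil
# when the entry must be rejected. Pure-Ruby check, independent of any tar library.
def safe_extract_path(dest_dir, entry_name)
  base = File.expand_path(dest_dir)
  # Absolute entry names are never acceptable in an archive we extract.
  return nil if entry_name.start_with?("/")
  target = File.expand_path(entry_name, base)
  # The resolved path must be the base itself or strictly below it. The
  # separator is part of the prefix so that "/tmp/out" does not accept
  # "/tmp/outside/x".
  return nil unless target == base || target.start_with?(base + File::SEPARATOR)
  target
end

# Split an archive's entry list into accepted {name => path} and rejected names,
# so an extractor can log rejections before touching the filesystem.
def partition_entries(dest_dir, entry_names)
  accepted = {}
  rejected = []
  entry_names.each do |name|
    path = safe_extract_path(dest_dir, name)
    if path
      accepted[name] = path
    else
      rejected << name
    end
  end
  [accepted, rejected]
end

# Constructed sample entry list: two ordinary dump entries plus three names
# that would escape the destination directory.
SAMPLE_ENTRIES = [
  "db/dump.sql",
  "assets/images/logo.png",
  "../../escaped.txt",
  "/etc/escaped.txt",
  "db/../../../escaped.txt",
].freeze

if __FILE__ == $PROGRAM_NAME
  accepted, rejected = partition_entries("/tmp/restore", SAMPLE_ENTRIES)
  accepted.each { |name, path| puts "extract #{name} -> #{path}" }
  rejected.each { |name| warn "rejected traversal entry: #{name}" }
end
```

The check normalizes with `File.expand_path` rather than string-scanning for `..`, so mixed forms such as `db/../../../x` are caught the same way as a leading `..`. It does not follow symlinks already present in the destination; an extractor that also creates symlink entries needs an additional check on link targets.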

toy commented 4 years ago

Thanks for opening the issue. It seems it is even better to switch to minitar gem as it replaces archive-tar-minitar. I'll try to understand why I've fixed version to 0.5.2.

toy commented 4 years ago

Tests are green on master, so I've released v1.2.2.