Closed x-volodymyr closed 4 years ago
Thanks for opening the issue.
It seems it is even better to switch to minitar
gem as it replaces archive-tar-minitar
. I'll try to understand why I've fixed version to 0.5.2.
Tests are green on master, so I've released v1.2.2
Name: archive-tar-minitar Version: 0.5.2 Advisory: CVE-2016-10173 Criticality: Unknown URL: https://github.com/atoulme/minitar/issues/5 Title: Archive-Tar-Minitar Directory Traversal Vulnerability Solution: upgrade to >= 0.6.0
Is it possible to change runtime dependency Archive-Tar-Minitar to 0.6.0 or higher ?