Skip to content

0.29.0.gfm.7
Compare
Choose a tag to compare
@anticomputer anticomputer released this 23 Jan 21:50
· 97 commits to master since this release
0.29.0.gfm.7
57d5e09
This commit was signed with the committer’s verified signature.
anticomputer Bas Alberts
SSH Key Fingerprint: Ypu05fFRgaW6sFMChvLt79JIH7zMysuf+vrDEQx32i0 Learn about vigilant mode.

Changes since last release (0.29.0.gfm.6...0.29.0.gfm.7):

  • Fixed CVE-2023-22486, a polynomial time complexity issue in cmark-gfm which may lead to unbounded resource exhaustion and subsequent denial of service.
  • Fixed CVE-2023-22485, in which a crafted markdown document could trigger an out-of-bounds read in the validate_protocol function.
  • Fixed CVE-2023-22484, a polynomial time complexity issue in cmark-gfm which may lead to unbounded resource exhaustion and subsequent denial of service.
  • Fixed CVE-2023-22483, several polynomial time complexity issues in cmark-gfm which may lead to unbounded resource exhaustion and subsequent denial of service.
  • We removed an unneeded .DS_Store file (#291)
  • We added a test for domains with underscores and fix roundtrip behavior (#292)
  • We now use an up-to-date clang-format (#294)
  • We made a variety of implicit integer truncations explicit by moving to size_t as our standard size integer type (#302)
  • We introduced a new flag mechanism that is used in cmark node state management, which requires clients call the cmark_init_standard_node_flags function at program startup (420c20a)

The security issues were reported and resolved by @kevinbackhouse and @philipturnbull of the GitHub Security Lab

Contributors

philipturnbull and kevinbackhouse
Assets 2
Loading