Request for backporting fix for CVE-2024-32866 to version 0.9.x #641
Closed
vtsvetkov-splunk
started this conversation in
General
Replies: 2 comments
-
|
Hi @vtsvetkov-splunk, you can now upgrade to v0.9.2 with a patch for the vulnerability issue :) |
Beta Was this translation helpful? Give feedback.
0 replies
-
|
Thank you very much! |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Hi @edmundhung,
Firstly, thank you for your hard work on the conform library. I liked it so much that I decided to adopt it before a stable version was even released. However, I ran into trouble when a vulnerability (CVE-2024-32866) was discovered in versions prior to 1.1.1.
I am using version 0.9.1 because I have React 16, and that's the latest version with React 16 support. Due to other corporate dependencies that rely on React 16, I can't upgrade to a newer version yet. A security audit flagged this version, and I need to address the vulnerability.
Is it feasible to backport the fix for this vulnerability to version 0.9?
Thank you,
Viktor
Beta Was this translation helpful? Give feedback.
All reactions