Hi Simon, On Sun, Feb 15, 2026 at 04:36:56PM +0100, Simon Josefsson wrote: > Erik Auerswald <[email protected]> writes: > > > I plan to commit and push the attached patch in a few days to address > > this vulnerability, unless there are reasonable objections. > > Thanks -- I wish we could implement the --accept-env approach and make > the default not set any environment variables at all, but I don't have > cycles to work on that. Anyone else?
Me neither. > Your patch seems to close this vulnerability report in a most minimal > way, so IMHO we should apply it. I have just applied it. Cheers, Erik
