Hi,

On 22/10/2022 at 15:01, Salvatore Bonaccorso wrote:
> Thanks for the quick reply! (much appreciated). I think it would be good to get a confirmation from upstream and, if possible, to have those advisories updated. E.g. https://github.com/onionshare/onionshare/security/advisories/GHSA-x7wr-283h-5h2v while mentioning "affected versions < 2.4", the patched version remains "none". This might be that the < 2.4 just reflects the point in time when the advisory was filed. OTOH you have arguments with the v2.5 release information that they might all be fixed. To be on the safe side, explicitly confirming by upstream would be great.
Agreed. And asked upstream: https://github.com/onionshare/onionshare/issues/1633.
Cheers,
--
nodens