I've merged in a fix for CVE-2023-46589, and a test for it. I'll kick off a release either over the weekend if I get time, or on Monday. Let me know if there's any objections.
Jon On Wed, Nov 29, 2023 at 3:48 PM Alex The Rocker <alex.m3...@gmail.com> wrote: > +1 and thanks Richard for raising attention on CVE-2023-46589 which is > fairly new > > Le mer. 29 nov. 2023 à 12:51, Richard Zowalla <r...@apache.org> a écrit : > > > > +1 and yes, CVE-2023-46589 is missing. > > > > Am Mittwoch, dem 29.11.2023 um 11:23 +0000 schrieb Jonathan Gallimore: > > > +1 > > > > > > I think there's one CVE to patch before release: CVE-2023-46589 which > > > I'm > > > happy to do. I'm also happy to cut the release as its been a while > > > since I > > > last did it. > > > > > > Jon > > > > > > On Wed, Nov 29, 2023 at 11:20 AM Jean-Louis Monteiro < > > > jlmonte...@tomitribe.com> wrote: > > > > > > > Hi all, > > > > > > > > There are a couple of CVEs attached to the latest 9.x release. Is > > > > it time > > > > to cut a release? > > > > > > > > Best > > > > -- > > > > Jean-Louis Monteiro > > > > http://twitter.com/jlouismonteiro > > > > http://www.tomitribe.com > > > > > > >