vim is a 'special' upstream, because:
- they tag every commit with a 'release' tag
https://github.com/vim/vim/tags
- there is a never ending stream of CVE vulnerabilities coming from them
We tried to stick with major versions only and backport the CVEs, but
that quickly became unsustainable. So
In the recipe it includes following:
# Remove when 8.3 is out
UPSTREAM_VERSION_UNKNOWN = “1”
Should we attempt to remove it, given that this is now 9.0?
> On Jan 17, 2023, at 11:42 AM, Randy MacLeod
> wrote:
>
> Includes fixes for:
> https://nvd.nist.gov/vuln/detail/CVE-2023-0049
>
Includes fixes for:
https://nvd.nist.gov/vuln/detail/CVE-2023-0049
https://nvd.nist.gov/vuln/detail/CVE-2023-0051
https://nvd.nist.gov/vuln/detail/CVE-2023-0054
https://nvd.nist.gov/vuln/detail/CVE-2023-0288
Signed-off-by: Randy MacLeod
---
meta/recipes-support/vim/vim.inc | 4 ++--