Since it relates to file *uploads*, it seems like standard issue TW is probably OK. I can't think of any TW projects that do uploads except possibly tiddlyserver and Bob. But since these shouldn't be used (in general) on the open internet, that shouldn't be a problem for most people. NoteSelf might do uploading, but my scan of the code couldn't find "express" so hopefully it's OK.
On Tuesday, August 4, 2020 at 3:23:44 PM UTC-7, leeand00 wrote: > > Security Alert regarding express.js: > > > https://www.bleepingcomputer.com/news/security/nodejs-module-downloaded-7m-times-lets-hackers-inject-code/ > > I would think that tiddlywiki does use this library (and about a million > other projects...), so I just thought I ought to make people aware of it. > > > -- You received this message because you are subscribed to the Google Groups "TiddlyWiki" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/tiddlywiki/e1259e02-2d4e-4618-a48b-ed0d4c954927o%40googlegroups.com.
