Request for backporting fix for CVE-2024-32866 to version 0.9.x #641
Closed
vtsvetkov-splunk
started this conversation in
General
Replies: 2 comments
-
|
Hi @vtsvetkov-splunk, you can now upgrade to v0.9.2 with a patch for the vulnerability issue :) |
Beta Was this translation helpful? Give feedback.
0 replies
-
|
Thank you very much! |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Hi @edmundhung,
Firstly, thank you for your hard work on the conform library. I liked it so much that I decided to adopt it before a stable version was even released. However, I ran into trouble when a vulnerability (CVE-2024-32866) was discovered in versions prior to 1.1.1.
I am using version 0.9.1 because I have React 16, and that's the latest version with React 16 support. Due to other corporate dependencies that rely on React 16, I can't upgrade to a newer version yet. A security audit flagged this version, and I need to address the vulnerability.
Is it feasible to backport the fix for this vulnerability to version 0.9?
Thank you,
Viktor
Beta Was this translation helpful? Give feedback.
All reactions