WingNews logo WingNews
top | item 46237343

(no title)

rikafurude21 | 2 months ago

Im confused, did the update from last week for the RCE bug also include fixes for these new CVEs or will I need to update again? npm audit says theres no issues

discuss

order

billywhizz|2 months ago

is it not obvious?

> These issues are present in the patches published last week.

> The patches published last week are vulnerable.

> If you already updated for the Critical Security Vulnerability, you will need to update again.

rickhanlonii|2 months ago

GitHub has to review the advisories and publish it for it to show in `npm audit`, so it's delayed.

theogravity|2 months ago

You need to update again.

cluckindan|2 months ago

This could be the Next.js motto.

qingcharles|2 months ago

My Umami stats box got "pwned" about 15 mins after the last CVE was published and I spent an hour or so cleaning up that mess and upgrading everything. Not looking forward to doing it again today.