Hi Clément, On Sun, Oct 23, 2022 at 06:27:08PM +0200, Clément Hermann wrote: > Hi, > > Le 22/10/2022 à 15:01, Salvatore Bonaccorso a écrit : > > > Thanks for the quick reply! (much appreciated). I think it would be > > good to get a confirmation from upstream and if possible to have > > those advisories updates. E.g. > > https://github.com/onionshare/onionshare/security/advisories/GHSA-x7wr-283h-5h2v > > while mentioning "affected versions < 2.4" the patched version remains > > "none". this might be that the < 2.4 just reflects the point in time > > when the advisory was filled. OTOH you have arguments with the v2.5 > > release information that they might all be fixed. > > > > To be on safe side, explicitly confirming by upstream would be great. > > Agreed. And asked upstream: > https://github.com/onionshare/onionshare/issues/1633.
Thank you! Regards, Salvatore