Posts tagged security update
Vapor URI Parsing Security Vulnerability
Vapor 4.90.0 fixes CVE-2024-21631 in URI parsing, replacing the old C parser with a safer Swift implementation. Upgrade if you parse untrusted URIs.
Vapor HTTP Error Handling Security Vulnerability
Vapor 4.84.2 fixes CVE-2023-44386, an error-handling flaw that let an attacker crash an app by triggering a write to a closed channel. Upgrade now.
PostgresNIO Security Vulnerability
PostgresNIO 1.14.2 fixes CVE-2023-31136, a TLS flaw letting a man-in-the-middle inject responses to a client's first queries. Upgrade as soon as possible.
Vapor `URLEncodedFormDecoder` Security Vulnerability
We've fixed an issue in Vapor's URLEncodedFormDecoder - CVE-2022-31019
Vapor `FileMiddleware` Security Vulnerability
Vapor 4.60.3 fixes CVE-2022-31005 in FileMiddleware, where crafted Range headers could crash an app. Upgrade now if you serve files with it.