Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update information about the latest security updates #29

Closed
bjohansebas opened this issue Oct 4, 2024 · 3 comments · Fixed by expressjs/expressjs.com#1800
Closed

Update information about the latest security updates #29

bjohansebas opened this issue Oct 4, 2024 · 3 comments · Fixed by expressjs/expressjs.com#1800
Assignees
@bjohansebas
Labels
documentation Improvements or additions to documentation security-wg-agenda

Comments

@bjohansebas
Copy link
Member

bjohansebas commented Oct 4, 2024
edited
Loading

Several security updates have been made since version 4.16.0 of Express, it would be good to update this information.

page: https://expressjs.com/en/advanced/security-updates

cc: @expressjs/security-triage @expressjs/security-wg
@UlisesGascon UlisesGascon transferred this issue from expressjs/expressjs.com Oct 6, 2024
@UlisesGascon
Copy link
Member

I transferred the issue for visibility

@UlisesGascon UlisesGascon mentioned this issue Oct 21, 2024
Closed
@UlisesGascon UlisesGascon mentioned this issue Nov 18, 2024
Closed
@UlisesGascon UlisesGascon mentioned this issue Dec 16, 2024
Closed
@bjohansebas
Copy link
Member Author

Should we include the updates that Herodevs patches? I'm talking about the vulnerabilities that have been patched by Herodev in Express 3.

@ljharb
Copy link

ljharb commented Feb 10, 2025

They’re not fixed in any public express version, so i’m not sure it makes sense in that list - but certainly indicating that a specific unfixed CVE is patched by a third party seems useful.

@bjohansebas bjohansebas mentioned this issue Feb 21, 2025
Merged
@bjohansebas bjohansebas added the documentation Improvements or additions to documentation label Feb 21, 2025
@bjohansebas bjohansebas self-assigned this Feb 22, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@bjohansebas bjohansebas

Labels
documentation Improvements or additions to documentation security-wg-agenda
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

docs: update security updates documentation for Express expressjs/expressjs.com
3 participants
@ljharb @UlisesGascon @bjohansebas