- Issue created by @heikkiy
- 🇺🇸United States greggles Denver, Colorado, USA
I think this priority and issue tag makes sense.
Since it's about a 3rd party library this can be fixed in public without a security advisory, but should ideally be addressed quickly with a code change and new release(s).
- Status changed to Fixed
5 months ago 7:05am 25 June 2024 - 🇦🇹Austria torotil
While it’s technically true that the README mentioned polyfill.io as as an example, it’s a bit strange for me to consider that a security issue.
However I’ve removed it from the README and tagged a new 7.x-1.3 (bugfix) release for this. I also removed the same sentence in the project description.
- 🇬🇧United Kingdom mcdruid 🇬🇧🇪🇺
Thank you @torotil - it's only a Security issue in that the trustworthiness of the original 3rd party service has been questioned, so it's probably best not to provide that specifically as an example any more. Appreciate your swift action.
- 🇺🇸United States greggles Denver, Colorado, USA
Thanks for the quick fix. I agree this instance isn't as critical given it was in the documentation.
FWIW, I noticed that 7.x-1.x doesn't have the fix in it just yet. Maybe that branch hasn't been merged or hasn't been pushed?
Automatically closed - issue fixed for 2 weeks with no activity.