Since we have seen an uptick in users submitting vulnerability reports and improperly reporting the issue (in violation of our Security Policy) via GitHub issues, I am creating this notice to add some clarification.
Several points related to this:
Strapi is not vulnerable to this, as it was always intended by Formidable that applications are responsible for properly handling file names, as Formidable is a very low-level library -> We do our own sanitation as it was intended
This vulnerability should have never been considered valid to begin with and was requested to be removed from the MITRE/NVD databases
Snyk has already removed it as an invalid vulnerability
At this time, we, Strapi, have no plans to modify dependencies to "resolve" this vulnerability, as it should be removed from the various vulnerability databases in due time for being invalid.
Any issues or vulnerability reports opened with regard to this package will be immediately closed and locked. If you have questions or concerns about this decision, you can comment below or reach out to the Strapi Security Team via security@strapi.io.