Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-75550

Bump version number listed in Mustache

XMLWordPrintable

    • 1
    • Team Hedgehog 4.1 sprint 0.3

      We recently upgraded Mustache to version 2.14.1 to apply a security fix made in that version. We used the officially tagged version in Github for that update. There is a small oversight in that version (in the upstream repo), where the version number listed in the code is 2.14.0 (which at the time we decided to leave as-is so it was correct to the original library).

      Unfortunately, it seems like that may cause some confusion / false positive security reports, where people see the version number and assume the code is the un-patched 2.14.0 version.

      To avoid further confusion, we should make the following change in the Mustache library on master, 400, 311 and 310:

      https://github.com/bobthecow/mustache.php/commit/d36cd805c41dd21710a4ce9f2f385eeb51aacaba

       

            michaelh Michael Hawkins
            michaelh Michael Hawkins
            Huong Nguyen Huong Nguyen
            Sara Arjona (@sarjona) Sara Arjona (@sarjona)
            CiBoT CiBoT
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved:

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 35 minutes
                35m

                  Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.