<h2>Cycle 3 report</h2>
<p>There was a note from Luke Dashjr on the mailing list about vulnerabilities being disclosed. We should all make sure to be on at least v0.17.1</p>
<pre><code>Two relatively minor vulnerabilities will likely be disclosed sometime soon.
The first vulnerability, CVE-2017-18350, was introduced in v0.7.0 (released in
2012 September), and affects all versions released until the fix was included
in v0.15.1 (released in 2017 November). No versions prior to v0.15.1 are
expected to be fixed.
The second vulnerability, CVE-2018-20586, was introduced in v0.12.0 (released
in 2016 February), and affects all versions released until the fix was
included in v0.17.1 (released in 2018 December). As of today, this fix has
NOT been backported to older versions. When/if v0.15.3 and v0.16.4 are
released, they may also include a fix, but due to the minor severity of this
vulnerability, it does not merit a dedicated release on its own. (The git
branches are also NOT fixed at this time.)
Please be sure you have upgraded to a fixed version no later than August 1st.
</code></pre>
<p><a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="465633727" data-permission-text="Issue title is private" data-url="https://github.com/bisq-network/compensation/issues/311" data-hovercard-type="issue" data-hovercard-url="/bisq-network/compensation/issues/311/hovercard" href="https://github.com/bisq-network/compensation/issues/311">bisq-network/compensation#311</a></p>
<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">—<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/bisq-network/roles/issues/66?email_source=notifications&email_token=AJFFTNVDX3OKTEX5EFMSKY3P6RD47A5CNFSM4ELCMQTKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGODZPQUSA#issuecomment-509545032">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AJFFTNV3DAK26K2X7FYDYMTP6RD47ANCNFSM4ELCMQTA">mute the thread</a>.<img src="https://github.com/notifications/beacon/AJFFTNQCX6MERU6JTKMPF43P6RD47A5CNFSM4ELCMQTKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGODZPQUSA.gif" height="1" width="1" alt="" /></p>
<script type="application/ld+json">[
{
"@context": "http://schema.org",
"@type": "EmailMessage",
"potentialAction": {
"@type": "ViewAction",
"target": "https://github.com/bisq-network/roles/issues/66?email_source=notifications\u0026email_token=AJFFTNVDX3OKTEX5EFMSKY3P6RD47A5CNFSM4ELCMQTKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGODZPQUSA#issuecomment-509545032",
"url": "https://github.com/bisq-network/roles/issues/66?email_source=notifications\u0026email_token=AJFFTNVDX3OKTEX5EFMSKY3P6RD47A5CNFSM4ELCMQTKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGODZPQUSA#issuecomment-509545032",
"name": "View Issue"
},
"description": "View this Issue on GitHub",
"publisher": {
"@type": "Organization",
"name": "GitHub",
"url": "https://github.com"
}
}
]</script>