Memo in case of upgrade >= 1.2.5
Opened this issue · 1 comments
supermamie commented
Describe the bug
Upgrade to borg >= 1.2.5 will require a specific upgrade
Context
Here is the doc about the upgrade:
https://github.com/borgbackup/borg/blob/1.2.6/docs/changes.rst#pre-125-archives-spoofing-vulnerability-cve-2023-36811
I have not analyzed it deeply but it seems that the upgrade process will have to contain some intelligence to upgrade.
alexAubin commented
Hmpf, I don't know if we want to address this, there seems to be a big number of "ifs", and the appropriate way to "fix" the thing (if it happened) is clearly not straightforward ... Like, maybe it's a concern for shared repos somehow but that's not the topology we have here x_x