CVE-2016-5118 - please upgrade to sharp ^0.15.0

Question

lovell opened this issue 9 years ago · 2 comments

The pre-built binaries used by sharp v0.14.x include a version of *magick that is vulnerable to CVE-2016-5118.

Please see lovell/sharp#449 for more details.

Answer 1 · 2016-05-31T22:19:15.000Z

Thanks @lovell -- I seem to remember there was a reason I couldn't update to latest. I'll try again this week.

Answer 2 · 2016-06-01T15:48:09.000Z

Addressed via 56510b1 -- published as 0.29.0