Security leak in _.template, please update
jgonggrijp opened this issue · 4 comments
jgonggrijp commented
We were notified of a security issue in _.template
, which appears to have existed since Underscore version 1.3.2. The bug was fixed in version 1.12.1 and 1.13.0-2, which I just published. If using NPM, please upgrade to underscore@latest
or underscore@preview
.
willdurand commented
@jgonggrijp where is the 1.12.1
tag?
jgonggrijp commented
@willdurand I intentionally postponed pushing that in order to give people who want to exploit the leak less to go on. I'll let you know when I push it.
willdurand commented
thanks
jgonggrijp commented
@willdurand The tag is online now.