Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merge in Upstream Changes (Security Issue, Packaging for 4.1.3 release) #286

Closed
wants to merge 2 commits into from

Conversation

awaterma
Copy link
Member

No description provided.

colincasey and others added 2 commits June 5, 2023 08:13
All occurrences of new object creation in `memstore.js` have been changed from `{}` (i.e.; `Object.create(Object.prototype)` to `Object.create(null)` so that we are using object instances that do not have a prototype property that can be polluted.

@fixes #282
@awaterma awaterma requested a review from colincasey June 19, 2023 16:41
@colincasey
Copy link
Contributor

let's pull this in from here instead of main - #287

@colincasey colincasey closed this Jun 19, 2023
wjhsf pushed a commit that referenced this pull request Feb 8, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants