Releases: davewasmer/devcert
Releases · davewasmer/devcert
v1.1.1
Bug Fixes
#55: Fix remote execution vulnerability by switching from execSync to execFileSync
- Change
run()
to useexecFileSync
- Refactor codebase to use new signature of
run()
- Add an extra sanitizing step: test arguments passed to
certificateFor
with a (fairly permissive) regular expression limiting them to legal domain name chars
⚠️ This is a mandatory update! ⚠️
This release fixes a security vulnerability in previous versions. Previous versions will be deprecated.