protobuf v6.8.6 Release Notes
Release Date: 2018-02-26 // about 6 years ago-
๐ This is a security patch:
- ๐ Fixes
typeRefRe
used in the parser (1.X-6.8.5) being vulnerable to ReDoS as reported by James Davis. Relevant where a user is allowed to provide .proto sources for parsing. Applications using trusted .proto definitions, JSON descriptors or static code exclusively are not affected.
- ๐ Fixes