Security fix for ReDoS #10210

Merged
merged 2 commits into from
Sep 16, 2021

ready-research
Contributor

@ready-research ready-research commented Sep 3, 2021

What does this PR do? (Briefly describe the changes made)
Fixed Regular Expression Denial of Service vulnerability in URL validation
Reported in https://www.huntr.dev/bounties/0ebe85e6-cc85-42b8-957e-18d8df277414/

What type of PR is this? (Select at least one)

  • Bugfix, issue id #
  • Feature
  • Refactor
  • TypeScript typings change (Typings)
  • Docs
  • Code style update
  • Other, please describe:

This PR involves the following platforms:

  • All mini programs
  • WeChat Mini Program
  • Alipay Mini Program
  • Baidu Mini Program
  • ByteDance Mini Program
  • QQ Light App
  • JD Mini Program
  • Quick App platform (QuickApp)
  • Web platform (H5)
  • Mobile (React-Native)

Fixed Regular Expression Denial of Service vulnerability in url validation
@taro-bot2

taro-bot2 bot commented Sep 3, 2021

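Welcome, and thanks for submitting a PR~ Taro greatly appreciates your contribution to open source! 🌷🌷🌷

PRs are generally reviewed within one to two weeks and, once merged, are released with the next version.

Review takes a lot of time, so please follow the guidelines below to help us review more efficiently 🙏🙏🙏

  1. Describe the background of the PR in detail (very important: for example, what problem it solves and how to reproduce that problem)
  2. Make sure CI runs successfully.
  3. Ideally, provide corresponding test cases.

To communicate better, please join the Taro developers WeChat group: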

@Chen-jj
Contributor

Chen-jj commented Sep 16, 2021

#10190

@Chen-jj
Contributor

Chen-jj commented Sep 16, 2021

@ready-research Thanks for PR~

@ready-research
Contributor Author

@Chen-jj Can you please validate this in huntr by clicking Mark as valid and also confirm the fix. Thank you.

@Chen-jj
Contributor

Chen-jj commented Sep 16, 2021

@ready-research done~
