Updated/renamed existing iodine advisory #1062
| cve: 2026-41146 | ||
| ghsa: 2x79-gwq3-vxxm | ||
| url: https://github.com/boazsegev/facil.io/security/advisories/GHSA-2x79-gwq3-vxxm | ||
| url: https://github.com/advisories/GHSA-2x79-gwq3-vxxm |
I'm still quite lost as to what belongs here. What is the priority for the URL? If there's a CVE, should the CVE take priority?
Usually there is one of:
- CVE
- GHSA (generic page)
- GHSA (project page)
Is there any proper order of choice here?
There was a problem hiding this comment.
I changed the URL because the old one is for the wrong repo, facil.io, whereas the new one was GHSA-reviewed as an iodine gem advisory and is less misleading at face value.
Regarding generic vs project page, they are usually the same except for rubies advisories, and they are no project advisories but there are GHSA advisories.
Our (@postmodern) filename priority was CVE, GHSA, OSVDB. The "rake" linting checks for it.
PS. I will let you click "Resolve conversation" from now on.
There was a problem hiding this comment.
So is there any reason not to use the CVE link here?
There was a problem hiding this comment.
I agree - the CVE link was created yesterday after my email - add change.
| related: | ||
| url: | ||
| - https://nvd.nist.gov/vuln/detail/CVE-2026-41146 | ||
|
|
Co-authored-by: Connor Shea <2977353+connorshea@users.noreply.github.com>
flavorjones left a comment:
All comments seem to be resolved. Approving and merging.