lua-casbin icon indicating copy to clipboard operation
lua-casbin copied to clipboard

Published 20 hours ago verified publisher icon casbin

Update the dependency library rex_pcre to rex_pcre2

Open andrew99-lab opened this issue 1 year ago • 2 comments
trafficstars

rex_pcre depends on pcre-v1 (v8.45), which was released in 1997 and has now stopped supporting and maintaining. For security and software update support considerations, is it a feasible measure to upgrade the rex_pcre that lua-casbin depends on to rex_pre2?

local rex = require ("rex_pcre")
local posix = require("posix.fnmatch")

The official pcre document clearly states(https://www.pcre.org/):

Versions
There are two major versions of the PCRE library. The current version, PCRE2, [released in 2015,](https://lists.exim.org/lurker/message/20150105.162835.0666407a.en.html) is now at version 10.39.

The older, but still widely deployed PCRE library, originally released in 1997, is at version 8.45. This version of PCRE is now at end of life, and is no longer being actively maintained. Version 8.45 is expected to be the final release of the older PCRE library, and new projects should use PCRE2 instead.

andrew99-lab avatar Jun 05 '24 06:06 andrew99-lab

@Edmond-J-A @rushitote @techoner

casbin-bot avatar Jun 05 '24 06:06 casbin-bot

@mikyll can you help work on this?

hsluoyz avatar Nov 28 '24 16:11 hsluoyz

@hsluoyz sure, I'd be glad to help 🙂 I'll take a look

mikyll avatar Nov 28 '24 18:11 mikyll

:tada: This issue has been resolved in version 1.45.0 :tada:

The release is available on GitHub release

Your semantic-release bot :package::rocket:

github-actions[bot] avatar Nov 28 '24 23:11 github-actions[bot]