backhand
backhand copied to clipboard
Published
20 hours ago •
wcampbell0x2a
wcampbell0x2a
Investigate replacement of xz2 with liblzma-rs
trafficstars
I'm not sure about the long term solution, but https://github.com/Portable-Network-Archive/liblzma-rs had been updated and actively maintained vs xz2.
See https://github.com/Portable-Network-Archive/liblzma-rs/issues/95. I'm still using xz2, which uses an older version of xz that isn't vulnerable (not that the that version is vulnerable, but given the broad changes that maintainer created in the recent releases...)
I think doing this with a xz-new and NOT on by default would be fine.