Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Drop BMX6 and its LuCI package #1021

Merged
merged 2 commits into from
Sep 29, 2023
Merged

Drop BMX6 and its LuCI package #1021

merged 2 commits into from
Sep 29, 2023

Conversation

BKPepe
Copy link
Member

@BKPepe BKPepe commented Sep 28, 2023

Fixes: #963

This will be backported to all the stable branches.

The reason, why it is going to be dropped is in commit messages.

This package is no longer maintained by us or by upstream developers.
The last version in the GitHub repository is from 2020 with no activity so far.
We are using version 0.1-alpha.

Because LuCI app is vulnerable to several CVEs and DependencyBot still
sends emails about it, let's drop it.

If anyone wants, they can use bmx7.

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
DependencyBot, which are using is sending us emails about these CVEs:
CVE-2012-6708
CVE-2020-23064
CVE-2019-11358

This was reported to maintainer in April 2023, but no one stepped it to fix that,
so let's drop this.

Replacement could be luci-app-bmx7.

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
@BKPepe BKPepe merged commit c2124dd into openwrt:master Sep 29, 2023
9 of 11 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

luci-app-bmx6: jquery is outdated and vulnerable
1 participant