-
Notifications
You must be signed in to change notification settings - Fork 904
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Upgrade to 7-Zip 16.02 to overcome security vulnerabilities #812
Comments
* stable: (version) 0.9.10.2 (doc) update CHANGELOG/nuspec (GH-758) Ensure log path exists (GH-813) Fix double chocolatey logging folder (GH-813) Shorten Template default log path (doc) update default options help messages (maint) Don't log creation of folder (maint) formatting / add message consistency (GH-814) Ensure any version of choco (GH-811) Skip resource / licensed assemblies (version) 0.9.10.1 (doc) update CHANGELOG/nuspec (GH-810) Install of choco sets exit code (GH-812) Upgrade 7zip to 16.02 to address CVEs (doc) Note functions Calling Set-PowerShellExitCode (GH-810) Fix - Cannot bind parameter exitCode
If you cannot upgrade to at least 0.9.10.1, you can manually patch your Chocolatey installation. Look in In really old installs of Chocolatey (0.9.8.x and below), that path is |
There are some reports that the newer version of 7za.exe breaks some existing packages. Something to keep in mind. We determined it would be better to be secure and have some breakages versus the alternative. |
We are looking to switch over to 7z.exe (full) in 0.9.10.3, which could resolve this entirely. |
Upgrade to 7-Zip 16.02 to overcome CVE-2016-2334/CVE-2016-2335.
Related to #775.
The text was updated successfully, but these errors were encountered: