zsh-announce
 help / color / mirror / code / Atom feed
* zsh 5.8.1 released (CVE-2021-45444)
@ 2022-02-12 15:41 dana
  0 siblings, 0 replies; only message in thread
From: dana @ 2022-02-12 15:41 UTC (permalink / raw)
  To: zsh-announce

Hello,

zsh 5.8.1 has been released and made available for download at the
following locations:

  https://sourceforge.net/projects/zsh/files/
  https://www.zsh.org/pub/

This is a stable security release with a few bug fixes, including one
for CVE-2021-45444, a vulnerability in prompt expansion which could be
exploited through e.g. VCS_Info to execute arbitrary shell commands
without a user's knowledge. All sites are encouraged to update from
zsh 5.8. A partial work-around which can be applied within a running
shell is provided in the source distribution for those who are unable
to update their shell binaries.

For further details, please refer to the README and NEWS files
distributed with the shell, or see here:

  https://zsh.sourceforge.io/releases.html

PS: Maintainers of down-stream zsh packages are invited to e-mail
<zsh-security@zsh.org> if they would like to request pre-notification
of security releases like this one.

dana



^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2022-02-12 15:55 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-02-12 15:41 zsh 5.8.1 released (CVE-2021-45444) dana

Code repositories for project(s) associated with this inbox:

	https://git.vuxu.org/mirror/zsh/

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).