ETT-1533 plack-lib uses ancient Net::CIDR::Lite with multiple CVEs #218

Draft
moseshll wants to merge 1 commit into main from ETT-1533_net_cidr_lite

ETT-1533 plack-lib uses ancient Net::CIDR::Lite with multiple CVEs#218
moseshll wants to merge 1 commit into
mainfrom
ETT-1533_net_cidr_lite

Conversation

@moseshll moseshll commented Jun 3, 2026

Contributor
  • Remove offending module (after verifying that our vendored copy was unmodified)
  • Install `Net::CIDR::Lite` via `cpanm` -- the official Debian package (0.22-3) lags latest (0.24), which addresses additional CVEs
  • Remove outdated `Plack::Builder::Conditionals` (0.03) and install Debian package (0.05-2).
    • No CVEs here, only minor fixes.
  • Remove addition to `plack-lib` LICENSE covering these two modules.
  • Bump top-level LICENSE year (since it is routinely overlooked).

Note: do not merge/deploy without go-ahead from A&E
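A post-deploy check that the replacement actually took effect at runtime, written here as an added example and not code from this PR or from plack-lib: it confirms both modules resolve outside the old vendored directory and meet the minimum versions the description names. The vendored path and the `PLACK_LIB_VENDOR_DIR` variable are assumptions.

```perl
#!/usr/bin/env perl
# Added example (not part of the PR): verify that Net::CIDR::Lite and
# Plack::Builder::Conditionals now load from the cpanm/Debian copies and
# are at least the versions the PR description requires.
use strict;
use warnings;

# Minimum acceptable versions, taken from the PR description.
my %min_version = (
    'Net::CIDR::Lite'              => '0.24',
    'Plack::Builder::Conditionals' => '0.05',
);

# Assumed location of the removed vendored copy; adjust to the repo layout.
my $vendored_dir = $ENV{PLACK_LIB_VENDOR_DIR} // '/opt/plack-lib/lib';

my $failures = 0;
for my $module (sort keys %min_version) {
    (my $file = "$module.pm") =~ s{::}{/}g;
    unless (eval { require $file; 1 }) {
        print "FAIL $module: cannot load ($@)\n";
        $failures++;
        next;
    }
    my $version     = $module->VERSION // '0';
    my $loaded_from = $INC{$file};

    # A copy still living under the vendored directory means the removal
    # did not take effect on this host (stale @INC, leftover files, etc.).
    if (index($loaded_from, $vendored_dir) == 0) {
        print "FAIL $module $version loaded from vendored path $loaded_from\n";
        $failures++;
    }
    # UNIVERSAL::VERSION($min) dies when the installed version is too old.
    elsif (!eval { $module->VERSION($min_version{$module}); 1 }) {
        print "FAIL $module $version < $min_version{$module} ($loaded_from)\n";
        $failures++;
    }
    else {
        print "OK   $module $version ($loaded_from)\n";
    }
}
exit($failures ? 1 : 0);
```

Run it under the same perl and PERL5LIB as the deployed application, since a different interpreter or include path can pick up a different copy of the module.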
