Three years ago I blogged about #nuget serving outdated #curl packages.
Uncategorized
28
Posts
21
Posters
0
Views
-
Three years ago I blogged about #nuget serving outdated #curl packages.
They then removed the packages I found.
I checked nuget again *today* and immediately found a nine year old curl package that is downloaded at the rate of 1,000 times/week from there... with **64** known vulnerabilities.
The blog post from back then: https://daniel.haxx.se/blog/2023/03/02/the-curl-nuget-story/
-
Three years ago I blogged about #nuget serving outdated #curl packages.
They then removed the packages I found.
I checked nuget again *today* and immediately found a nine year old curl package that is downloaded at the rate of 1,000 times/week from there... with **64** known vulnerabilities.
The blog post from back then: https://daniel.haxx.se/blog/2023/03/02/the-curl-nuget-story/
@bagder That's quite the nugget you found there.
-
Three years ago I blogged about #nuget serving outdated #curl packages.
They then removed the packages I found.
I checked nuget again *today* and immediately found a nine year old curl package that is downloaded at the rate of 1,000 times/week from there... with **64** known vulnerabilities.
The blog post from back then: https://daniel.haxx.se/blog/2023/03/02/the-curl-nuget-story/
Microsoft, and Windows.
Ah well. -
Three years ago I blogged about #nuget serving outdated #curl packages.
They then removed the packages I found.
I checked nuget again *today* and immediately found a nine year old curl package that is downloaded at the rate of 1,000 times/week from there... with **64** known vulnerabilities.
The blog post from back then: https://daniel.haxx.se/blog/2023/03/02/the-curl-nuget-story/
"Microsoft is no longer accepting new submissions through secure@microsoft.com. Please use the Microsoft Researcher Portal "...
😠
-
"Microsoft is no longer accepting new submissions through secure@microsoft.com. Please use the Microsoft Researcher Portal "...
😠
but I took it to the big generic security portal and submitted a report there. Let's see what happens.
-
"Microsoft is no longer accepting new submissions through secure@microsoft.com. Please use the Microsoft Researcher Portal "...
😠
@bagder Maybe they got too many slop reports via email.
-
@bagder Maybe they got too many slop reports via email.
-
Three years ago I blogged about #nuget serving outdated #curl packages.
They then removed the packages I found.
I checked nuget again *today* and immediately found a nine year old curl package that is downloaded at the rate of 1,000 times/week from there... with **64** known vulnerabilities.
The blog post from back then: https://daniel.haxx.se/blog/2023/03/02/the-curl-nuget-story/
@bagder Have you considered if there's a demand for vintage curl releases that you aren't serving? Give the people what they want!
-
@bagder Have you considered if there's a demand for vintage curl releases that you aren't serving? Give the people what they want!
@Tenzer I linked the security people to this relevant page: https://curl.se/docs/vuln-7.51.0.html
-
"Microsoft is no longer accepting new submissions through secure@microsoft.com. Please use the Microsoft Researcher Portal "...
😠
@bagder AI Slop, this is why we can't have nice things.
-
-
Three years ago I blogged about #nuget serving outdated #curl packages.
They then removed the packages I found.
I checked nuget again *today* and immediately found a nine year old curl package that is downloaded at the rate of 1,000 times/week from there... with **64** known vulnerabilities.
The blog post from back then: https://daniel.haxx.se/blog/2023/03/02/the-curl-nuget-story/
@bagder I've using dotnet for a few years and wanted to try using Curl but didn't find anything that wasn't poorly maintained or totally outdated.
-
Three years ago I blogged about #nuget serving outdated #curl packages.
They then removed the packages I found.
I checked nuget again *today* and immediately found a nine year old curl package that is downloaded at the rate of 1,000 times/week from there... with **64** known vulnerabilities.
The blog post from back then: https://daniel.haxx.se/blog/2023/03/02/the-curl-nuget-story/
@bagder @shanselman responded to the bluesky mirror of this post.
-
@bagder @shanselman responded to the bluesky mirror of this post.
@ssg @shanselman thanks, I tend to miss the replies to the mirror-me over there...
-
Three years ago I blogged about #nuget serving outdated #curl packages.
They then removed the packages I found.
I checked nuget again *today* and immediately found a nine year old curl package that is downloaded at the rate of 1,000 times/week from there... with **64** known vulnerabilities.
The blog post from back then: https://daniel.haxx.se/blog/2023/03/02/the-curl-nuget-story/
@bagder
Have you considered reserving "Curl" prefix on NuGet?
https://learn.microsoft.com/en-us/nuget/nuget-org/id-prefix-reservation
It is not much but it would prevent random people from uploading "officially looking" packages. -
but I took it to the big generic security portal and submitted a report there. Let's see what happens.
My not at all surprised face: "After careful investigation, this case has been assessed as not a vulnerability and does not meet Microsoft's bar for immediate servicing."
-
My not at all surprised face: "After careful investigation, this case has been assessed as not a vulnerability and does not meet Microsoft's bar for immediate servicing."
@bagder our own IT team are running Office 2016 in a sensitive environment.
Why would MS be any better. 🙁 -
My not at all surprised face: "After careful investigation, this case has been assessed as not a vulnerability and does not meet Microsoft's bar for immediate servicing."
@bagder Subscription first, Quality second. Works as expected I suppose.
-
My not at all surprised face: "After careful investigation, this case has been assessed as not a vulnerability and does not meet Microsoft's bar for immediate servicing."
@bagder Microslop
-
Three years ago I blogged about #nuget serving outdated #curl packages.
They then removed the packages I found.
I checked nuget again *today* and immediately found a nine year old curl package that is downloaded at the rate of 1,000 times/week from there... with **64** known vulnerabilities.
The blog post from back then: https://daniel.haxx.se/blog/2023/03/02/the-curl-nuget-story/
@bagder nuget? more like oldget amirite
Gli ultimi otto messaggi ricevuti dalla Federazione
-
@ottaross har you been tempted to do the “pop pop, paaaah”?
-
It's an acoustic bass. It makes your regular guitar feel like a little ukulele when you pick it up again. 😆
So a bass is just your regular guitar with the two high strings removed, and then a longer neck to drop it all an octave.
That G string tho! So electric sounding. Think the opening notes of Seinfeld. haha
-
@fucinafibonacci @spettacoli ma come non ha avuto successo?? Ma se ne hanno fatto sequel e serie tv a non finire! 😅
Forse ha floppato negli USA. Ma io me lo ricordo fighissimo al tempo, probabilmente ero piccolo me lo devo rivedere! Aveva un villain cattivissimo e tutta la storia non era male dai con Seat connery maestro d’armi! Un classico degli action anni 80!
-
@gmarcosanti
ah beh, quello lo faccio sempre, sono brontolone per principio
-
Macron approfitta della guerra e riaccende l’atomo: vuole più armi nucleari
-
-
@linkachus17
Yes, it's such a beautiful day.
-
@zeank
*mrrrrp*
