Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update to fabric loader 0.14.24 #383

Merged
merged 3 commits into from
Nov 1, 2023
Merged

Update to fabric loader 0.14.24 #383

merged 3 commits into from
Nov 1, 2023

Conversation

AlexIIL
Copy link
Contributor

@AlexIIL AlexIIL commented Nov 1, 2023

This brings in three changes:

  • Updated to ASM 9.6
  • Added FabricLoader.invokeEntrypoints
  • Fix a command injection vulnerability in vanilla Minecraft 20w21a -> 23w04a.

Which are only 3 commits of the actual upstream changeset: FabricMC/fabric-loader@0.14.22...0.14.24

@AlexIIL
Part 1 of Fabric Loader update:
6634074 
- Update to ASM 9.6
- Added FabricLoader.invokeEntrypoints
@AlexIIL AlexIIL force-pushed the update-upstream-23-and-24 branch from 0372106 to bf56984 Compare November 1, 2023 14:48
modmuss50 and others added 2 commits November 1, 2023 14:50
@modmuss50 @AlexIIL
Fix a command injection vulnerability in vanilla Minecraft 20w21a -> …
0a13672 
…23w04a

Fix a command injection vulnerability allowing malicious resource pack to unexpectedly execute code on Linux clients running vanilla Minecraft 1.16 (20w21a) -> 1.19.3 (23w04a).

It was recently found that the Tiny File Dialogs library is vulnerable to command injection techniques on Linux when invoked with untrusted data. This fix makes a small change in the create world `MoreOptionsDialog` screen to pass a hardcoded string as the dialog title.

Many thanks to ThatGravyBoat and Moulberry for investigating this issue and reporting it to fabric-loader in confidence.

(Original commit by modmuss50 here: FabricMC/fabric-loader@5d10144)
@AlexIIL
Bump provided fabric-loader version, add changelog
1596a3c
@AlexIIL AlexIIL force-pushed the update-upstream-23-and-24 branch from bf56984 to 1596a3c Compare November 1, 2023 14:51
@AlexIIL AlexIIL merged commit 1596a3c into develop Nov 1, 2023
1 check passed
@AlexIIL AlexIIL deleted the update-upstream-23-and-24 branch November 1, 2023 15:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@AlexIIL @modmuss50