False Security
4 comments
I was contacted by the submitter and they apologized and removed the blog entry. It was AI generated. It was nice to see they were upstanding enough to correct it. That's a plus in my book.
it is good to hear that they at least admitted to it and complied.
that's just obnoxious, do you have a link to the article they created about it?
Well, blog entry is still there at https://orbisappsec.com/blog/critical-buffer-overflow-in-ojs... but it is total nonsense and a hallucination.
The PR was useful though as it show that the supposed fix was in a function that was never called. I removed it this morning.
The PR if anyone is interested is https://github.com/ohler55/oj/pull/1011