Skip to content

Commit 07a5e7e

Browse files
gzurlgzurl
authored
Merge pull request #45 from vmware-labs/security-fix
fix: Bump Wasmtime to 8.0.1 to address CVE
2 parents 5cbbbfc + acce2e8 commit 07a5e7e

File tree

3 files changed

+288
-203
lines changed

3 files changed

+288
-203
lines changed

CHANGELOG.md

Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -4,6 +4,20 @@
44

55
-
66

7+
## 0.11.2 (2023/05/02)
8+
9+
This is a security update to bump Wasmtime to 8.0.1 given the CVE published (low severity) and addressed in:
10+
- [GHSA-ch89-5g45-qwc7 (CVE-2023-30624)](https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-ch89-5g45-qwc7)
11+
12+
13+
### `libwasm_runtime.so`
14+
- Dependencies:
15+
- Bump version dependencies:
16+
- `wasmtime` to `8.0.1`.
17+
- `anyhow` to `1.0.71`.
18+
- Updated `cargo.lock` dependencies via `cargo update`.
19+
20+
721
## 0.11.1 (2023/03/31)
822

923
- Fixes [#40](https://github.com/vmware-labs/mod_wasm/issues/40), where a new thread could not create a new Wasm execution context while another thread was running a Wasm module. This was only measurable if the execution of the Wasm module was long enough in time or if it took longer than expected (i.e.: I/O issues, infinite loop, etc.). Note that CPU-limited Wasm executions are not implemented yet (see [#9](https://github.com/vmware-labs/mod_wasm/issues/9)).

0 commit comments

Comments
 (0)