Providing a list of security-related bugs #1822

Open
michaeleisel opened this issue May 14, 2022 · 2 comments

@michaeleisel

When deciding whether or not to update my version of simdjson in ZippyJSON, one of the big factors is security. I'm not necessarily interested in new APIs or features, but I want to make sure that the version I use is as secure as possible. That said, I don't want to upgrade every time if I can help it (and also risk encountering new bugs). It would be great if there was a list somewhere of simdjson's security-related bugs, e.g. buffer overflows, the version they were fixed in (if fixed), and the version they were first introduced (ideally). It would help me decide when to upgrade my version of simdjson.

@lemire
Member

lemire commented May 16, 2022

That’s a great idea. Would someone volunteer to manage such a database?

@jkeiser
Member

jkeiser commented May 17, 2022

Given the number of them, I imagine someone could skim the notes for each release and make a pretty short document. I only remember finding one really obscure security bug in the past 3 years, but I imagine I've forgotten one or two others.
