Security Release for N|Solid Version 4.5.1
This is a security release and includes fixes for Regular Expression Denial of Service (ReDoS).
The Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive for developers and can ultimately end up making it easy for attackers to take your site down.
This version also includes a fix for the relay mode that corrects the communication of metrics with the latest changes implemented for Worker Threads.
glob-parent is a package that helps extracting the non-magic parent path from a glob string.
Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS). The enclosure regex used to check for strings ending in an enclosure containing path separator.
Upgrade glob-parent to version 5.1.2 or higher.
Upgrade to N|Solid Version 4.5.1. This vulnerability is not no longer present within NSolid dependencies. Notice that this dependency is part of NCM which is bundled in NSolid.
For details about this security releases and corresponding vulnerabilities, please refer to the link below:
Regular Expression Denial of Service (ReDoS)