
This queue is for tickets about the XML-Compile-SOAP CPAN distribution.

Report information
The Basics
Id: 92920
Status: resolved
Priority: 0/
Queue: XML-Compile-SOAP

People
Owner: Nobody in particular
Requestors: ether [...] cpan.org
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



Subject: Uses File::Slurp, known to be buggy and vulnerable
I noticed that File::Slurp was listed as a dependency of this distribution. I didn't search in the source to see how/where you were using it, but you should be aware that File::Slurp has a number of issues, some of which are quite serious, such as:

https://rt.cpan.org/Ticket/Display.html?id=83126

Given that encoding issues are very important to your module, you are probably affected as well.

File::Slurp::Tiny is meant to be a drop-in replacement; Path::Tiny is also excellent.

Subject: Re: [rt.cpan.org #92920] Uses File::Slurp, known to be buggy and vulnerable
Date: Tue, 11 Feb 2014 09:32:59 +0100
To: Karen Etheridge via RT <bug-XML-Compile-SOAP [...] rt.cpan.org>
From: Mark Overmeer <solutions [...] overmeer.net>
* Karen Etheridge via RT (bug-XML-Compile-SOAP@rt.cpan.org) [140210 21:00]:
> Mon Feb 10 16:00:19 2014: Request 92920 was acted upon.
> Transaction: Ticket created by ETHER
> Queue: XML-Compile-SOAP
> Subject: Uses File::Slurp, known to be buggy and vulnerable
> Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=92920 >
>
>
> I noticed that File::Slurp was listed as a dependency of this
> distribution.

Only for the ::XOP extension.

> File::Slurp::Tiny is meant to be a drop-in replacement;

Ok, accepted.
--
Thanks, MarkOv

------------------------------------------------------------------------
Mark Overmeer MSc                                MARKOV Solutions
Mark@Overmeer.net                          solutions@overmeer.net
http://Mark.Overmeer.net             http://solutions.overmeer.net

fixed in 3.05