Igor Ponomarev discovered that LAVA, a continuous integration system for deploying operating systems onto physical and virtual hardware for running tests, used exec() on input passed to the server component.
Archive for October 23rd, 2022
## CKEditor 4.20 New Features: * [#5084](https://github.com/ckeditor/ckeditor4/issues/5084): Added the [`config.t abletools_scopedHeaders`](https://ckeditor.com/docs/ckeditor4/latest/api/CKEDITO R_config.html#cfg-tabletools_scopedHeaders) configuration option controlling the behaviour of table headers with and without the `[scope]` attribute. *
– [7.92](https://www.drupal.org/project/drupal/releases/7.92) – [7.91](https://www.drupal.org/project/drupal/releases/7.91) – [SA- CORE-2022-012 / CVE-2022-25275](https://www.drupal.org/sa-core-2022-012) – [7.90](https://www.drupal.org/project/drupal/releases/7.90) – [7.89](https://www.drupal.org/project/drupal/releases/7.89) –
## [3.1.47] – 2022-09-14 ### Security – Applied appropriate javascript and html escaping in mailto plugin to counter injection attacks [#454](https://github.com/smarty-php/smarty/issues/454) ### Fixed – Fixed use of `rand()` without a parameter in math function [#794](https://github.com/smarty-php/smarty/issues/794) – Fixed unselected
The security update announced as DSA 5257-1 caused regressions on certain systems using the amdgpu driver. Updated packages are now available to correct this issue.