Skip Navigation

Nix 2.24.8 released fixing builtin:fetchurl credentials leak, severity 5.9 (moderate)

discourse.nixos.org Nix 2.24.8 released fixing builtin:fetchurl credentials leak, severity 5.9 (moderate)

DetSys seems to have made a security release to NixCpp. The primary risk is leaking of netrc credentials through a crafted derivation plus an attacker-in-the-middle. Users of the experimental feature impure-derivations are at greater risk. FlakeHub Cache users and users of impure derivations sh...

Nix 2.24.8 released fixing builtin:fetchurl credentials leak, severity 5.9 (moderate)
0
0 comments