**** BEGIN LOGGING AT Wed Apr 21 03:01:26 2021 Apr 21 07:45:24 good morning Apr 21 11:05:25 Hi, Looks like the latest LUA version is still 5.3.6, but there is a Vulnerability CVE-2020-15888 up to (including) 5.4.0 Apr 21 11:05:26 Any chance of update to 5.4.3?? Apr 21 11:22:30 brnvrn: send patches? or backport the cvs, seems to have been done for others already: http://layers.openembedded.org/layerindex/recipe/23539/ Apr 21 12:19:56 Thanks for the link. Is there any test for this. It looks like only one patch is backported, but the CVE mentions 2 patches. The big one is not backported Apr 21 12:24:24 Not sure I can post link: https://nvd.nist.gov/vuln/detail/CVE-2020-15888#vulnHyperlinksPanel Apr 21 12:26:13 brnvrn: heh no, i wasn't saying that it is backported. i wanted to express that patch backports are generally possible and might be accepted. so if you send a patch.... Apr 21 12:38:53 I understand that my contribution is welcome:-)   but I am no good at C. Even if, the patch for the CVE already exist and it is not clear on LUA's side which commits are required to fix the Vulnerability anyway, so I would not know what to do. **** ENDING LOGGING AT Thu Apr 22 02:59:57 2021