[QUESTION] Is it possible to fix the vulnerability for the v4 #2418

Open
viveleltsi opened this issue Feb 12, 2024 · 2 comments · Fixed by #2424

@viveleltsi

Hi everyone,
I was wondering if it's conceivable to fix the critical vulnerability for version 4 of LiteDB.

I understand it's not a big priority as the project is now on v5 and the issue has already been solved since 5.0.13, but it could help people who don't want to migrate their database to v5.

If you think it's possible, I could make a PR for it.

For me, it's because I have my own migration tool to ensure that my database can be migrated (data view) up/down depending on my software version, and it will be difficult to manage a new version of LiteDB.
Regarding this usage: is there some API to migrate to V5 (other than upgrade=true in the connection string) and, more interestingly, to migrate from V5 to V4?

Thank you for your time and have a great day!

@viveleltsi
Author

I have made a PR for this issue. Like I said on the PR, my modification should stay on a new branch and should not be merged into master.

@dgodwin1175

dgodwin1175 commented Feb 21, 2024

+1

We also need this vulnerability fixed in v4, as we cannot upgrade to v5 due to #2307

We have tried the latest 5.0.18, which is supposed to resolve #2307; however, this introduced a new issue, "Maximum number of transactions reached" (this error has been seen before after a series of errors, but in 5.0.18 it's happening very quickly after startup of our application, with no prior errors, and only a couple of db upserts).

Rolling back to 5.0.17 removes the "Maximum number of transactions reached" problem, but does not resolve #2307.

Please help us!
