3.6.2
版本发布时间: 2023-12-04 23:21:32
fish-shell/fish-shell最新发布版本:3.7.1(2024-03-19 13:29:28)
(Please note: this release builds and runs successfully, but the test suite does not pass. A new version will be released shortly.)
This release of fish contains a security fix for CVE-2023-49284, a minor security problem identified in fish 3.6.1 and previous versions (thought to affect all released versions of fish).
fish uses certain Unicode non-characters internally for marking wildcards and expansions. It incorrectly allowed these markers to be read on command substitution output, rather than transforming them into a safe internal representation.
For example, echo \UFDD2HOME
has the same output as echo $HOME
.
While this may cause unexpected behavior with direct input, this may become a minor security problem if the output is being fed from an external program into a command substitution where this output may not be expected.
Download links: To download the source code for fish, we suggest the file named "fish-3.6.2.tar.xz". The file downloaded from "Source code (tar.gz)" will not build correctly. The SHA-256 sum of this file is a21a6c986f1f80273895ba7e905fa80ad7e1a262ddb3d979efa443367eaf4863
. A GPG signature from David Adam (key ID 0x7A67D962D88A709A
) is available as "fish-3.6.2.tar.xz.asc".
1、 fish-3.6.2.tar.xz 2.78MB
2、 fish-3.6.2.tar.xz.asc 833B