Skip to content

Fix CVE-2026-31802 by updating tar to patched versions#345

Open
sbouchet wants to merge 1 commit intoeclipse-che:mainfrom
sbouchet:CVE-2026-31802
Open

Fix CVE-2026-31802 by updating tar to patched versions#345
sbouchet wants to merge 1 commit intoeclipse-che:mainfrom
sbouchet:CVE-2026-31802

Conversation

@sbouchet
Copy link
Contributor

@sbouchet sbouchet commented Mar 20, 2026
edited
Loading

This PR fixes GHSA-9ppj-qmqm-q256: Symlink Path Traversal via Drive-Relative Linkpath

tar version is updated to 7.5.11

fixes https://redhat.atlassian.net/browse/CRW-10348

@sbouchet
Fix CVE-2026-31802 by updating tar to patched versions
b9261f0 
This PR fixes GHSA-9ppj-qmqm-q256: Symlink Path Traversal via
Drive-Relative Linkpath

tar version is updated to 7.5.11

fixes https://redhat.atlassian.net/browse/CRW-10348

Signed-off-by: Stephane Bouchet <sbouchet@redhat.com>
@sbouchet sbouchet requested review from azatsarynnyy, rgrunber and vrubezhny and removed request for amisevsk, azatsarynnyy and l0rd March 20, 2026 09:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@vrubezhny vrubezhny Awaiting requested review from vrubezhny

@rgrunber rgrunber Awaiting requested review from rgrunber

@azatsarynnyy azatsarynnyy Awaiting requested review from azatsarynnyy azatsarynnyy is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@sbouchet