Do discovered vulnerabilities in curl apply here?
schuemie opened this issue · comments
Sorry if this is a stupid question: Do the recently discovered vulnerabilities in the curl library apply to this R package as well? If so, will there be a new release with the patch scheduled for Oct 11?
Probably not, because we don't embed the libcurl source code, we only link to it. So you have to update libcurl from your os, I assume there will be hotfixes in macos, debian, etc.
An exception may be for Windows where we statically link a copy of curl. We'll see.