Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL. Various fixes from internal audits, fuzzing and other initiatives. We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel. As usual, our ongoing internal security work was responsible for a wide range of fixes: Low CVE-2023-2941: Inappropriate implementation in Extensions API. In anticipation, Postman engineers have already started to build out new features and enhancements exclusively in the native apps. That means that beginning THIS year, support for the Postman Chrome app is going away. Medium CVE-2023-2940: Inappropriate implementation in Downloads. Google announced plans to end support for Chrome apps for Windows, Mac, and Linux users. Now we look to manage your entire API workflow with a Mac app and a full-blown testing suite that includes seamless request capturing and cookie handling. Medium CVE-2023-2939: Insufficient data validation in Installer. Postman started as a legacy Chrome extension to provide an easy way for developers to test API endpoints. Medium CVE-2023-2938: Inappropriate implementation in Picture In Picture. Medium CVE-2023-2937: Inappropriate implementation in Picture In Picture. Reported by Sergei Glazunov of Google Project Zero on High CVE-2023-2936: Type Confusion in V8. High CVE-2023-2935: Type Confusion in V8. Reported by Mark Brand of Google Project Zero on High CVE-2023-2934: Out of bounds memory access in Mojo. Reported by Quang Nguyễn of Viettel Cyber Security and Nguyen Phuong on High CVE-2023-2933: Use after free in PDF. Reported by Huyna at Viettel Cyber Security on High CVE-2023-2932: Use after free in PDF. High CVE-2023-2931: Use after free in PDF. High CVE-2023-2930: Use after free in Extensions. High CVE-2023-2929: Out of bounds write in Swiftshader.
Please see the Chrome Security Page for more information. Below, we highlight fixes that were contributed by external researchers. Postman makes working with APIs faster and easier by supporting developers at every stage of their workflow, and is available for Mac OS X, Windows, Linux and Chrome users. We will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on, but haven’t yet fixed. Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix.