Stream: shorthand
Topic: GoFSH 1.4.2
Chris Moesel (Dec 21 2021 at 03:09):
Announcing GoFSH 1.4.2 with the following bug fixes and minor enhancements:
- Fix output paths for resources with path separators in their name (details below)
- Improve processing of extensions that don't follow the expected approach
- Update dependency libraries to address known vulnerabilities
Vulnerability w/ Output Paths and Resource Names
For some output styles, GoFSH generates file names based on the resource name. In past versions of GoFSH, if the name contained one or more path separators, it was possible to cause GoFSH to write the FSH file to other locations on the filesystem. This behavior could be abused to intentionally overwrite existing FSH files on the system. The utility of leveraging this bug, however, is limited by the fact that the file extension will always be .fsh and the file contents will always be FHIR Shorthand. In this version of GoFSH, the bug has been fixed by properly sanitizing file names before writing them to disk.
Install or Update
To install or update to this release, run the following command:
$ npm install -g gofsh
More Information
For more details on this release, see the GoFSH 1.4.2 Release Notes.
Last updated: Apr 12 2022 at 19:14 UTC
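
The output-path issue described in the announcement above, as an added example that is not part of the original post and is not GoFSH's own code: a file name built directly from a resource name, next to a sanitized version with a containment check. The function names, the output directory and the sample resource names are assumptions made for illustration.

```javascript
// Added illustration; not GoFSH source. All names here are hypothetical.
const path = require('path').posix; // posix flavour keeps results deterministic

// Constructed sample output directory.
const OUT_DIR = '/work/gofsh-out';

// "Before": the resource name is used as the file name verbatim, so
// separators in the name change which directory the file lands in.
function naiveOutputPath(outDir, resourceName) {
  return path.join(outDir, `${resourceName}.fsh`);
}

// "After", step 1: reduce the name to a single safe path component.
function sanitizeFileName(resourceName) {
  const cleaned = String(resourceName)
    .replace(/[\/\\]/g, '-')           // path separators, both styles
    .replace(/[^A-Za-z0-9._-]/g, '_')  // any other unexpected character
    .replace(/^\.+/, '');              // no leading dots ("..", dotfiles)
  return cleaned.length > 0 ? cleaned : 'unnamed';
}

// True only when candidate is strictly below root.
function isInside(root, candidate) {
  const rel = path.relative(root, candidate);
  return rel !== '' && !rel.startsWith('..') && !path.isAbsolute(rel);
}

// "After", step 2: build the path, then verify it still resolves inside
// the output directory before anything is written (defence in depth).
function safeOutputPath(outDir, resourceName) {
  const root = path.resolve(outDir);
  const target = path.resolve(root, `${sanitizeFileName(resourceName)}.fsh`);
  if (!isInside(root, target)) {
    throw new Error(`refusing to write outside ${root}`);
  }
  return target;
}

// Constructed resource names: one ordinary, three containing separators or dots.
for (const name of ['MyPatient', 'My/Profile', '../../existing/Patient', '..']) {
  const naive = naiveOutputPath(OUT_DIR, name);
  console.log(JSON.stringify(name), '| naive inside out dir:',
    isInside(OUT_DIR, naive), '| safe:', safeOutputPath(OUT_DIR, name));
}
```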