Is the current stable release safe from CVEs?
Added by Fred Tacoberger 5 months ago
It's been a while since AdiIRC had a stable release. Are all the bundled dependencies free of CVEs that a new build hasn't been necessary? SSL libs? PCRE libs? There must be a lot of stuff that could be a potential avenue for attack, not that there necessarily is. I'm just wondering if this is being monitored. For example mirc makes new builds when openssl has a security release.
Replies (3)
RE: Is the current stable release safe from CVEs? - Added by Per Amundsen 5 months ago
AdiIRC is written in C# which is a memory safe language and uses windows SSL, any CVEs in .NET or SSL are fixed by microsoft.
RE: Is the current stable release safe from CVEs? - Added by Fred Tacoberger 5 months ago
ahh so as long as keep our .net packages updated we're good. I guess that's an advantage.
RE: Is the current stable release safe from CVEs? - Added by Per Amundsen 5 months ago
Yeah, I would never write software facing the internet which is not written in a memory safe language, it's just too dangerous.