Project

General

Profile

Is the current stable release safe from CVEs?

Added by Fred Tacoberger 5 months ago

It's been a while since AdiIRC had a stable release. Are all the bundled dependencies free of CVEs that a new build hasn't been necessary? SSL libs? PCRE libs? There must be a lot of stuff that could be a potential avenue for attack, not that there necessarily is. I'm just wondering if this is being monitored. For example mirc makes new builds when openssl has a security release.


Replies (3)

RE: Is the current stable release safe from CVEs? - Added by Per Amundsen 5 months ago

AdiIRC is written in C# which is a memory safe language and uses windows SSL, any CVEs in .NET or SSL are fixed by microsoft.

RE: Is the current stable release safe from CVEs? - Added by Fred Tacoberger 5 months ago

ahh so as long as keep our .net packages updated we're good. I guess that's an advantage.

RE: Is the current stable release safe from CVEs? - Added by Per Amundsen 5 months ago

Yeah, I would never write software facing the internet which is not written in a memory safe language, it's just too dangerous.

    (1-3/3)