add security note

2023-01-21 06:19:06 +11:00 · 2023-01-21 06:19:06 +11:00 · ecf775af38
parent 36ea83d5ff
commit ecf775af38
1 changed files with 6 additions and 0 deletions
--- a/RELEASE_NOTES.md
+++ b/RELEASE_NOTES.md
@ -11,3 +11,9 @@
 * FTP Client upload and logging improvements
 * Refactor base64 handling for Android compatibility

+## Security Note
+
+The validator unzips archive files to the local file system when 
+it is scanning zip files it has been asked to validate, and when it is
+installing packages. These processes are now resistant to the zip-slip
+vulnerability.