Fedora has issued an advisory on March 11: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/CSD3O3LQSW7QZLM33RFCIW3TFNXLB7QD/ The updated to 4.35 with an additional bug fix (it would be good to update Cauldron).
Status comment: (none) => Fixed upstream in 4.34
Cauldron already has 4.34, but note Luigi's remark about 4.35. Assigning to tv who did the 4.34 (& earlier) update[s).
Assignee: bugsquad => thierry.vignaud
Suggested advisory: ======================== The updated package fixes some bugs including a security vulnerability: Decoding hash keys without ending ':'. References: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/CSD3O3LQSW7QZLM33RFCIW3TFNXLB7QD/ ======================== Updated package in core/updates_testing: ======================== perl-Cpanel-JSON-XS-4.350.0-1.mga8 from SRPM: perl-Cpanel-JSON-XS-4.350.0-1.mga8.src.rpm
CC: (none) => nicolas.salgueroAssignee: thierry.vignaud => qa-bugsStatus: NEW => ASSIGNEDStatus comment: Fixed upstream in 4.34 => (none)
Note that this is still pending a freeze move in Cauldron.