devcert

Bug Fixes

#55: Fix remote execution vulnerability by switching from execSync to execFileSync

• Change run() to use execFileSync
• Refactor codebase to use new signature of run()
• Add an extra sanitizing step: test arguments passed to certificateFor with a (fairly permissive) regular expression limiting them to legal domain name chars

⚠️ This is a mandatory update! ⚠️

This release fixes a security vulnerability in previous versions. Previous versions will be deprecated.