Description
I've made a fuzzer for lua: https://github.com/stevenjohnstone/afl-lua. I was trying it out on known vulnerabilities and verified that it could detect the issues flagged in CVE-2018-11218 with 0.4.0-0. I then tried to install the latest and greatest following the README instructions as a point of comparison and found the same bugs...because luarocks had installed the version 0.4.0-0 again 🤦
Turns out the README instructions need to be updated to install the correct version; luarocks probably should probably just fail when the specified source isn't found but that's another issue. See #62 for a build instruction fix.
Would it be possible to tag another release and push it to luarocks?
BTW, fuzzer hasn't found any issues with the latest and greatest 👍