Skip to content

Commit cdf7b71

Browse files
committed
improve links, add warning box
1 parent 6c9cbbb commit cdf7b71

File tree

1 file changed

+8
-4
lines changed

1 file changed

+8
-4
lines changed

blog/2024-04-10-nushell_0_92_2.md

Lines changed: 8 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -12,12 +12,16 @@ Nushell, or Nu for short, is a new shell that takes a modern, structured approac
1212

1313
Today, we're releasing version 0.92.2 of Nu, a hotfix release for 0.92.1. This hot-fix addresses a security concern with how arguments are passed to external commands on Windows.
1414

15-
The underlying vulnerability is found in the interaction of the Rust standard library we use and the Windows command invocation logic and documented as [CVE-2024-24576](https://nvd.nist.gov/vuln/detail/CVE-2024-24576). For further reading:
15+
The underlying vulnerability was found in the interaction of the Rust standard library we use and the Windows command invocation logic and documented as [CVE-2024-24576](https://nvd.nist.gov/vuln/detail/CVE-2024-24576). For further reading:
1616

17-
- [https://blog.rust-lang.org/2024/04/09/cve-2024-24576.html](https://blog.rust-lang.org/2024/04/09/cve-2024-24576.html)
18-
- [https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows/](https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows/)
17+
- [CVE-2024-24576 on the Rust blog](https://blog.rust-lang.org/2024/04/09/cve-2024-24576.html)
18+
- [the writeup on the BatBadBut bug](https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows/), exposed by [@ryotkak](https://twitter.com/ryotkak) of [Flatt Security](https://flatt.tech/).
1919

20-
To address this concern we have updated the version of the Rust compiler and standard library used to build Nushell to the latest stable version (1.77.2). Distributors of Nushell also need to upgrade their Rust toolchain to provide a Nushell build with the patch included.
20+
To address this concern we have updated the version of the Rust compiler and standard library used to build Nushell to the latest stable version (1.77.2).
21+
22+
::: warning
23+
Distributors of Nushell also need to upgrade their Rust toolchain to provide a Nushell build with the patch included.
24+
:::
2125

2226
For convenience, we are providing full patched builds for Windows, Linux, and macOS. Be sure you have the [requirements](https://www.nushell.sh/book/installation.html#dependencies) to enable all capabilities.
2327

0 commit comments

Comments
 (0)