Posts Tagged ‘bug fixes’

Launchpad security advisory: Fix applied for unsafe tar file extraction vulnerability

Friday, June 19th, 2026

We received a private report from a security researcher describing a vulnerability affecting Launchpad. The vulnerability involved the unsafe processing of tar files at build upload and custom upload. We investigated promptly and deployed a fix shortly after the report. The reporting party has confirmed the issue is no longer exploitable.

Following remediation, we completed additional review and monitoring. We found no evidence of malicious exploitation. No user action is required.

We are sharing this update as part of our ongoing commitment to transparency and security.

We thank splitline (@_splitline_) and the DEVCORE Research Team for privately reporting this issue.

Launchpad news, March 2019 – July 2019

Tuesday, August 6th, 2019

Here’s a brief changelog of what we’ve been up to since our last general update.

(more…)

Launchpad news, February 2019

Thursday, March 7th, 2019

Here’s a brief changelog for this month.

(more…)

Launchpad news, July 2018 – January 2019

Thursday, February 21st, 2019

Here’s a brief changelog of what we’ve been up to since our last general update.

(more…)

Launchpad news, June 2018

Friday, July 6th, 2018

Here’s a brief changelog for this month.

(more…)

Launchpad news, May 2018

Saturday, June 2nd, 2018

Here’s a brief changelog for this month.

(more…)

Launchpad news, June 2017 – April 2018

Tuesday, May 1st, 2018

Once again it’s been a while since we posted a general update, so here’s a changelog-style summary of what we’ve been up to.  As usual, this changelog preserves a reasonable amount of technical detail, but I’ve omitted changes that were purely internal refactoring with no externally-visible effects.

(more…)

Launchpad news, May 2017

Wednesday, May 31st, 2017

Here’s a brief changelog for this month.

(more…)

Launchpad news, November 2015 – April 2017

Friday, April 28th, 2017

Well, it’s been a while!  Since we last posted a general update, the Launchpad team has become part of Canonical’s Online Services department, so some of our efforts have gone into other projects.  There’s still plenty happening with Launchpad, though, and here’s a changelog-style summary of what we’ve been up to.

(more…)

Launchpad news, October 2015

Monday, November 9th, 2015

Here’s what the Launchpad team did in October.

(more…)