Skip to content

Add TinaCMS fixed source tag references#8592

Draft
cookesan wants to merge 1 commit into
github:cookesan/advisory-improvement-8592from
cookesan:tinacms-55661-nvd-reference
Draft

Add TinaCMS fixed source tag references#8592
cookesan wants to merge 1 commit into
github:cookesan/advisory-improvement-8592from
cookesan:tinacms-55661-nvd-reference

Conversation

@cookesan

@cookesan cookesan commented Jul 7, 2026

Copy link
Copy Markdown

Summary

  • add the TinaCMS fixed source tag references for tinacms 3.9.3 and @tinacms/mdx 2.1.7
  • keep the NVD advisory reference for CVE-2026-55661

Validation

  • confirmed the advisory aliases CVE-2026-55661 and affects tinacms 3.9.3 and @tinacms/mdx 2.1.7 as fixed versions
  • confirmed upstream PR [GHSA-gp2f-7wcm-5fhx] Craft CMS has Cloud Metadata SSRF Protection Bypass via DNS Rebinding #7056 is merged
  • confirmed the tinacms@3.9.3 and @tinacms/mdx@2.1.7 source tag URLs return HTTP 200
  • confirmed both fixed tags dereference to the same fixed source commit
  • confirmed the tinacms@3.9.2...tinacms@3.9.3 and @tinacms/mdx@2.1.6...@tinacms/mdx@2.1.7 comparisons contain the merged security PR commit
  • confirmed npm has tinacms 3.9.3 and @tinacms/mdx 2.1.7 package metadata with tarball integrity data
  • confirmed NVD returns CVE-2026-55661 with status Deferred
  • ran jq empty on the advisory JSON
  • ran git diff --check

@github-actions github-actions Bot changed the base branch from main to cookesan/advisory-improvement-8592 July 7, 2026 11:23
@cookesan cookesan force-pushed the tinacms-55661-nvd-reference branch from a369994 to a910072 Compare July 7, 2026 12:42
@cookesan cookesan changed the title Add TinaCMS NVD reference Add TinaCMS fixed source tag references Jul 7, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant