… | |
… | |
50 | TODO: printf "\e[4:3m" - "undercurl" - should probbaly be interpreted as underline, rather than \e[43m |
50 | TODO: printf "\e[4:3m" - "undercurl" - should probbaly be interpreted as underline, rather than \e[43m |
51 | TODO: click through mode / https://shallowsky.com/blog/2017/Apr/06/ |
51 | TODO: click through mode / https://shallowsky.com/blog/2017/Apr/06/ |
52 | |
52 | |
53 | - implement a fix for CVE-2022-4170 (reported and analyzed by David Leadbeater). |
53 | - implement a fix for CVE-2022-4170 (reported and analyzed by David Leadbeater). |
54 | While present in version 9.30, it should not be exploitable. It is exploitable |
54 | While present in version 9.30, it should not be exploitable. It is exploitable |
55 | in versions 9.25 and 9.26, at least, and allows anybody controlling terminal |
55 | in versions 9.25 and 9.26, at least, and allows anybody controlling output to |
56 | input to execute arbitrary code in the urxvt process. |
56 | the terminal to execute arbitrary code in the urxvt process. |
57 | - the background extension no longer requires off focus fading support |
57 | - the background extension no longer requires off focus fading support |
58 | to be compiled in. |
58 | to be compiled in. |
59 | - the confirm-paste extension now offers a choice betwene pasting the original |
59 | - the confirm-paste extension now offers a choice betwene pasting the original |
60 | or a sanitized version, and also frees up memory used to store the paste text |
60 | or a sanitized version, and also frees up memory used to store the paste text |
61 | immediately. |
61 | immediately. |