Merge pull request #1731 from segmentio/DOC-247_CVE

markzegarelli · web-flow · commit b827cdffce3b · 2021-07-13T11:14:55.000-07:00
DOC 247 CVE
diff --git a/_config.yml b/_config.yml
@@ -55,4 +55,16 @@ algolia:
   index_name:     segment-docs
   files_to_exclude:
     - _release_notes/*
+    - utils/*
   nodes_to_index: 'p, table#limit'
+  settings:
+    customRanking:
+      - desc(title)
+      - desc(custom_ranking.heading)
+      - asc(custom_ranking.position)
+    attributesForFaceting:
+      - searchable(categories)
+      - searchable(hidden)
+      - searchable(tags)
+      - searchable(title)
+      - type
diff --git a/src/_release_notes/2021-07-13-CVE-2021-36716.md b/src/_release_notes/2021-07-13-CVE-2021-36716.md
@@ -0,0 +1,15 @@
+---
+title: CVE-2021-36716 - A ReDoS (Regular Expression Denial of Service)
+description: |
+  A ReDoS (Regular Expression Denial of Service) flaw was identified within the segment “is-email” package prior to version 1.0.1 for Node.js and web browsers as client side code.
+
+  An Attacker that can provide crafted input to the `isEmail(input)` function may cause an application to consume an excessive amount of CPU.
+
+  Credit to Yeting Li for identifying and reporting the vulnerability to Segment.
+
+  The latest version of “is-email” is available in the [segmentio/is-email repository](https://github.com/segmentio/is-email).
+release_type: patch
+product_area: package
+business: false
+team: false
+---
