lua 5.1.5 CVEs / lua 5.3 with luci

Jo-Philipp Wich jo at mein.io
Wed Oct 26 06:52:58 PDT 2022


Hi,

all errors you quoted are occurring within Lua code. The view rendering etc.
mostly happens in JavaScript on the client side, this is why things /seem/ to
work. Many backend actions are implemented as rpcd plugins in Lua code though,
and all those seem to fail (not register with rpcd in the first place, likely
because the requested interpreter /usr/bin/lua is not there).

Newer Lua versions do have various incompatibilities with Lua 5.1 and the
deprecation of setfenv(), getfenv() in favor of _ENV will require a lot of
refactoring in LuCI framework code.

Since LuCI is in the process of migrating away from Lua, only keeping an
optional compatibility Lua runtime for legacy applications, it is unlikely
that any work will be spent to convert the framework code to later Lua versions.

~ Jo
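
The setfenv()/_ENV incompatibility mentioned above, as an added example that is not part of the original message and is not LuCI code: running a chunk in a restricted environment on Lua 5.1 and on 5.2+. The helper name `load_in_env`, the environment table and the sample chunk are assumptions made for illustration.

```lua
-- Illustrative helper (hypothetical name): compile `src` so that its global
-- accesses resolve in `env` instead of the real global table.
local function load_in_env(src, chunkname, env)
  -- Binary chunks start with ESC ("\27Lua"); refuse them on every version,
  -- since Lua 5.1's loadstring() would otherwise accept bytecode.
  if type(src) ~= "string" or src:byte(1) == 27 then
    return nil, "refusing non-text chunk"
  end
  if setfenv then
    -- Lua 5.1: compile first, then replace the function's environment.
    local fn, err = loadstring(src, chunkname)
    if not fn then return nil, err end
    return setfenv(fn, env)
  end
  -- Lua 5.2+: setfenv()/getfenv() no longer exist. The environment is the
  -- chunk's _ENV upvalue and is handed to load(); mode "t" means text only.
  return load(src, chunkname, "t", env)
end

-- Constructed sample: only tostring is exposed to the chunk.
local env = { tostring = tostring }
local chunk = [[
  result = tostring(6 * 7)   -- written into env, not into _G
  return rawget ~= nil       -- rawget is not in env, so this is false
]]

local fn = assert(load_in_env(chunk, "=sample", env))
local saw_real_globals = fn()
print(_VERSION, env.result, saw_real_globals, rawget(_G, "result"))

-- The 5.1-only idiom that needs refactoring: switching the environment of
-- the running function. On 5.2+ the call fails because setfenv is nil.
local ok, err = pcall(function()
  setfenv(1, env)
  return tostring(1)
end)
print("setfenv(1, env) usable:", ok, ok and "" or err)
```

On Lua 5.1 both parts succeed; on 5.2 and later only the `load_in_env` path works, which is the kind of change every setfenv()/getfenv() call site would need.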
