Diffstat (limited to 'README')
-rw-r--r-- | README | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/README b/README index 42105ee8d..e3ccc70b1 100644 --- a/README +++ b/README @@ -10,9 +10,11 @@ There are minor new features as well as bug fixes since 5.0.6. Note in particular there is a security fix to disallow evaluation of the initial values of integer variables imported from the environment (they -are instead treated as literal numbers). Although no exploits are -currently known with this issue it is recommended to upgrade as soon as -possible. +are instead treated as literal numbers). That could allow local +privilege escalation, under some specific and atypical conditions where +zsh is being invoked in privilege elevation contexts when the +environment has not been properly sanitized, such as when zsh is invoked +by sudo on systems where "env_reset" has been disabled. Installing Zsh -------------- |
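Review bot: the pronoun in the added sentence "That could allow local privilege escalation" has an ambiguous antecedent. It directly follows the parenthetical describing the fixed behaviour ("they are instead treated as literal numbers"), so it can be read as saying the fix itself enables escalation. Suggest naming the old behaviour explicitly, for example "Evaluating such values could allow local privilege escalation ...". The change also removes the recommendation to upgrade as soon as possible that the deleted lines carried. Since the new wording now describes a concrete condition (zsh invoked by sudo on systems where "env_reset" has been disabled), consider keeping an explicit upgrade recommendation alongside it.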