layout: post
title: "Another security advisory -- Additional CPU amplification case"
author: kentonv

Unfortunately, it turns out that our fix for one of the security advisories issued on Monday was not complete.

Fortunately, the incomplete fix is for the non-critical vulnerability. The worst case is that an attacker could consume excessive CPU time.

Nevertheless, we've issued a new advisory and pushed a new release:

• Release 0.5.1.2: source, win32
• Release 0.4.1.2: source

Sorry for the rapid repeated releases, but we don't like sitting on security bugs.