NodeJS/handlebars/3.0.3

Handlebars provides the power necessary to let you build semantic templates effectively with no frustration

https://www.npmjs.com/package/handlebars
MIT

13 Security Vulnerabilities

Arbitrary Code Execution in handlebars

Published date: 2020-09-04T14:57:38Z
Links:

Versions of handlebars prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting).

The following template can be used to demonstrate the vulnerability:
{{#with "constructor"}} {{#with split as |a|}} {{pop (push "alert('Vulnerable Handlebars JS');")}} {{#with (concat (lookup join (slice 0 1)))}} {{#each (slice 2 3)}} {{#with (apply 0 a)}} {{.}} {{/with}} {{/each}} {{/with}} {{/with}} {{/with}}

Recommendation

Upgrade to version 3.0.8, 4.5.2 or later.

Affected versions: ["4.0.0", "4.0.1", "4.0.2", "4.0.3", "4.0.4", "4.0.5", "4.0.6", "4.0.7", "4.0.8", "4.0.9", "4.0.10", "4.0.11", "4.0.12", "4.1.0", "4.0.13", "4.1.1", "4.1.2", "4.0.14", "4.1.2-0", "4.2.0", "4.2.1", "4.3.0", "4.3.1", "4.3.2", "4.3.3", "4.3.4", "4.4.0", "4.4.1", "4.3.5", "4.2.2", "4.4.2", "4.4.3", "4.4.4", "4.4.5", "4.5.0", "4.5.1", "1.0.6", "1.0.6-2", "1.0.7", "1.0.8", "1.0.9", "1.0.10", "1.0.11", "1.0.12", "1.1.0", "1.1.1", "1.1.2", "1.2.0", "1.2.1", "1.3.0", "2.0.0-alpha.1", "2.0.0-alpha.2", "2.0.0-alpha.3", "2.0.0-alpha.4", "2.0.0-beta.1", "2.0.0", "3.0.0", "3.0.1", "3.0.2", "3.0.3", "1.0.2-beta", "1.0.4-beta", "1.0.5-beta", "3.0.4", "3.0.5", "3.0.6", "3.0.7"]
Secure versions: [4.7.7, 4.7.8]
Recommendation: Update to version 4.7.8.

Arbitrary Code Execution in Handlebars

Published date: 2022-02-10T20:38:19Z
CVE: CVE-2019-20920
Links:

Handlebars before 3.0.8 and 4.x before 4.5.3 is vulnerable to Arbitrary Code Execution. The lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript. This can be used to run arbitrary code on a server processing Handlebars templates or in a victim's browser (effectively serving as XSS).

Affected versions: ["4.0.0", "4.0.1", "4.0.2", "4.0.3", "4.0.4", "4.0.5", "4.0.6", "4.0.7", "4.0.8", "4.0.9", "4.0.10", "4.0.11", "4.0.12", "4.1.0", "4.0.13", "4.1.1", "4.1.2", "4.0.14", "4.1.2-0", "4.2.0", "4.2.1", "4.3.0", "4.3.1", "4.3.2", "4.3.3", "4.3.4", "4.4.0", "4.4.1", "4.3.5", "4.2.2", "4.4.2", "4.4.3", "4.4.4", "4.4.5", "4.5.0", "4.5.1", "4.5.2", "1.0.6", "1.0.6-2", "1.0.7", "1.0.8", "1.0.9", "1.0.10", "1.0.11", "1.0.12", "1.1.0", "1.1.1", "1.1.2", "1.2.0", "1.2.1", "1.3.0", "2.0.0-alpha.1", "2.0.0-alpha.2", "2.0.0-alpha.3", "2.0.0-alpha.4", "2.0.0-beta.1", "2.0.0", "3.0.0", "3.0.1", "3.0.2", "3.0.3", "1.0.2-beta", "1.0.4-beta", "1.0.5-beta", "3.0.4", "3.0.5", "3.0.6", "3.0.7"]
Secure versions: [4.7.7, 4.7.8]
Recommendation: Update to version 4.7.8.

Remote code execution in Handlebars.js

Published date: 2019-07-15T19:46:01Z
Links:

Handlebars.js before 4.1.0 has Remote Code Execution (RCE)

Affected versions: ["1.0.6", "1.0.6-2", "1.0.7", "1.0.8", "1.0.9", "1.0.10", "1.0.11", "1.0.12", "1.1.0", "1.1.1", "1.1.2", "1.2.0", "1.2.1", "1.3.0", "2.0.0-alpha.1", "2.0.0-alpha.2", "2.0.0-alpha.3", "2.0.0-alpha.4", "2.0.0-beta.1", "2.0.0", "3.0.0", "3.0.1", "3.0.2", "3.0.3", "4.0.0", "4.0.1", "4.0.2", "4.0.3", "4.0.4", "4.0.5", "4.0.6", "4.0.7", "4.0.8", "4.0.9", "4.0.10", "4.0.11", "1.0.2-beta", "1.0.4-beta", "1.0.5-beta", "4.0.12", "3.0.4", "3.0.5", "3.0.6", "4.0.13", "4.0.14", "3.0.7", "3.0.8"]
Secure versions: [4.7.7, 4.7.8]
Recommendation: Update to version 4.7.8.

Prototype Pollution in handlebars

Published date: 2022-02-10T23:51:42Z
CVE: CVE-2021-23383
Links:

The package handlebars before 4.7.7 are vulnerable to Prototype Pollution when selecting certain compiling options to compile templates coming from an untrusted source.

Affected versions: ["1.0.6", "1.0.6-2", "1.0.7", "1.0.8", "1.0.9", "1.0.10", "1.0.11", "1.0.12", "1.1.0", "1.1.1", "1.1.2", "1.2.0", "1.2.1", "1.3.0", "2.0.0-alpha.1", "2.0.0-alpha.2", "2.0.0-alpha.3", "2.0.0-alpha.4", "2.0.0-beta.1", "2.0.0", "3.0.0", "3.0.1", "3.0.2", "3.0.3", "4.0.0", "4.0.1", "4.0.2", "4.0.3", "4.0.4", "4.0.5", "4.0.6", "4.0.7", "4.0.8", "4.0.9", "4.0.10", "4.0.11", "1.0.2-beta", "1.0.4-beta", "1.0.5-beta", "4.0.12", "3.0.4", "3.0.5", "3.0.6", "4.1.0", "4.0.13", "4.1.1", "4.1.2", "4.0.14", "3.0.7", "4.1.2-0", "4.2.0", "4.2.1", "4.3.0", "4.3.1", "4.3.2", "4.3.3", "4.3.4", "4.4.0", "4.4.1", "4.3.5", "4.2.2", "4.4.2", "4.4.3", "4.4.4", "4.4.5", "4.5.0", "4.5.1", "4.5.2", "4.5.3", "4.6.0", "4.7.0", "4.7.1", "4.7.2", "4.7.3", "3.0.8", "4.7.4", "4.7.5", "4.7.6"]
Secure versions: [4.7.7, 4.7.8]
Recommendation: Update to version 4.7.8.

Cross-Site Scripting in handlebars

Published date: 2018-10-23T17:20:12Z
CVE: CVE-2015-8861
Links:

Versions of handlebars prior to 4.0.0 are affected by a cross-site scripting vulnerability when attributes in handlebar templates are not quoted.

Proof of Concept

Template: <a href={{foo}}/>

Input: { 'foo' : 'test.com onload=alert(1)'}

Rendered result: <a href=test.com onload=alert(1)/>

Recommendation

Update to version 4.0.0 or later. Alternatively, ensure that all attributes in handlebars templates are encapsulated with quotes.

Affected versions: ["1.0.6", "1.0.6-2", "1.0.7", "1.0.8", "1.0.9", "1.0.10", "1.0.11", "1.0.12", "1.1.0", "1.1.1", "1.1.2", "1.2.0", "1.2.1", "1.3.0", "2.0.0-alpha.1", "2.0.0-alpha.2", "2.0.0-alpha.3", "2.0.0-alpha.4", "2.0.0-beta.1", "2.0.0", "3.0.0", "3.0.1", "3.0.2", "3.0.3", "1.0.2-beta", "1.0.4-beta", "1.0.5-beta", "3.0.4", "3.0.5", "3.0.6", "3.0.7", "3.0.8"]
Secure versions: [4.7.7, 4.7.8]
Recommendation: Update to version 4.7.8.

Remote code execution in handlebars when compiling templates

Published date: 2021-05-06T15:57:44Z
CVE: CVE-2021-23369
Links:

The package handlebars before 4.7.7 are vulnerable to Remote Code Execution (RCE) when selecting certain compiling options to compile templates coming from an untrusted source.

Affected versions: ["1.0.6", "1.0.6-2", "1.0.7", "1.0.8", "1.0.9", "1.0.10", "1.0.11", "1.0.12", "1.1.0", "1.1.1", "1.1.2", "1.2.0", "1.2.1", "1.3.0", "2.0.0-alpha.1", "2.0.0-alpha.2", "2.0.0-alpha.3", "2.0.0-alpha.4", "2.0.0-beta.1", "2.0.0", "3.0.0", "3.0.1", "3.0.2", "3.0.3", "4.0.0", "4.0.1", "4.0.2", "4.0.3", "4.0.4", "4.0.5", "4.0.6", "4.0.7", "4.0.8", "4.0.9", "4.0.10", "4.0.11", "1.0.2-beta", "1.0.4-beta", "1.0.5-beta", "4.0.12", "3.0.4", "3.0.5", "3.0.6", "4.1.0", "4.0.13", "4.1.1", "4.1.2", "4.0.14", "3.0.7", "4.1.2-0", "4.2.0", "4.2.1", "4.3.0", "4.3.1", "4.3.2", "4.3.3", "4.3.4", "4.4.0", "4.4.1", "4.3.5", "4.2.2", "4.4.2", "4.4.3", "4.4.4", "4.4.5", "4.5.0", "4.5.1", "4.5.2", "4.5.3", "4.6.0", "4.7.0", "4.7.1", "4.7.2", "4.7.3", "3.0.8", "4.7.4", "4.7.5", "4.7.6"]
Secure versions: [4.7.7, 4.7.8]
Recommendation: Update to version 4.7.8.

Moderate severity vulnerability that affects handlebars

Published date: 2017-10-24T18:33:36Z
CVE: CVE-2015-8861
Links:

Withdrawn: Duplicate of GHSA-9prh-257w-9277

Affected versions: ["1.0.6", "1.0.6-2", "1.0.7", "1.0.8", "1.0.9", "1.0.10", "1.0.11", "1.0.12", "1.1.0", "1.1.1", "1.1.2", "1.2.0", "1.2.1", "1.3.0", "2.0.0-alpha.1", "2.0.0-alpha.2", "2.0.0-alpha.3", "2.0.0-alpha.4", "2.0.0-beta.1", "2.0.0", "3.0.0", "3.0.1", "3.0.2", "3.0.3", "1.0.2-beta", "1.0.4-beta", "1.0.5-beta", "3.0.4", "3.0.5", "3.0.6", "3.0.7", "3.0.8"]
Secure versions: [4.7.7, 4.7.8]
Recommendation: Update to version 4.7.8.

Prototype Pollution in handlebars

Published date: 2020-09-04T15:06:32Z
Links:

Versions of handlebars prior to 3.0.8 or 4.5.3 are vulnerable to prototype pollution. It is possible to add or modify properties to the Object prototype through a malicious template. This may allow attackers to crash the application or execute Arbitrary Code in specific conditions.

Recommendation

Upgrade to version 3.0.8, 4.5.3 or later.

Affected versions: ["4.0.0", "4.0.1", "4.0.2", "4.0.3", "4.0.4", "4.0.5", "4.0.6", "4.0.7", "4.0.8", "4.0.9", "4.0.10", "4.0.11", "4.0.12", "4.1.0", "4.0.13", "4.1.1", "4.1.2", "4.0.14", "4.1.2-0", "4.2.0", "4.2.1", "4.3.0", "4.3.1", "4.3.2", "4.3.3", "4.3.4", "4.4.0", "4.4.1", "4.3.5", "4.2.2", "4.4.2", "4.4.3", "4.4.4", "4.4.5", "4.5.0", "4.5.1", "4.5.2", "1.0.6", "1.0.6-2", "1.0.7", "1.0.8", "1.0.9", "1.0.10", "1.0.11", "1.0.12", "1.1.0", "1.1.1", "1.1.2", "1.2.0", "1.2.1", "1.3.0", "2.0.0-alpha.1", "2.0.0-alpha.2", "2.0.0-alpha.3", "2.0.0-alpha.4", "2.0.0-beta.1", "2.0.0", "3.0.0", "3.0.1", "3.0.2", "3.0.3", "1.0.2-beta", "1.0.4-beta", "1.0.5-beta", "3.0.4", "3.0.5", "3.0.6", "3.0.7"]
Secure versions: [4.7.7, 4.7.8]
Recommendation: Update to version 4.7.8.

Arbitrary Code Execution in handlebars

Published date: 2020-09-04T15:07:38Z
Links:

Versions of handlebars prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a previous issue. This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting).

Recommendation

Upgrade to version 3.0.8, 4.5.3 or later.

Affected versions: ["4.0.0", "4.0.1", "4.0.2", "4.0.3", "4.0.4", "4.0.5", "4.0.6", "4.0.7", "4.0.8", "4.0.9", "4.0.10", "4.0.11", "4.0.12", "4.1.0", "4.0.13", "4.1.1", "4.1.2", "4.0.14", "4.1.2-0", "4.2.0", "4.2.1", "4.3.0", "4.3.1", "4.3.2", "4.3.3", "4.3.4", "4.4.0", "4.4.1", "4.3.5", "4.2.2", "4.4.2", "4.4.3", "4.4.4", "4.4.5", "4.5.0", "4.5.1", "4.5.2", "1.0.6", "1.0.6-2", "1.0.7", "1.0.8", "1.0.9", "1.0.10", "1.0.11", "1.0.12", "1.1.0", "1.1.1", "1.1.2", "1.2.0", "1.2.1", "1.3.0", "2.0.0-alpha.1", "2.0.0-alpha.2", "2.0.0-alpha.3", "2.0.0-alpha.4", "2.0.0-beta.1", "2.0.0", "3.0.0", "3.0.1", "3.0.2", "3.0.3", "1.0.2-beta", "1.0.4-beta", "1.0.5-beta", "3.0.4", "3.0.5", "3.0.6", "3.0.7"]
Secure versions: [4.7.7, 4.7.8]
Recommendation: Update to version 4.7.8.

Prototype Pollution in handlebars

Published date: 2019-06-05T14:07:48Z
Links:

Versions of handlebars prior to 4.0.14 are vulnerable to Prototype Pollution. Templates may alter an Objects' prototype, thus allowing an attacker to execute arbitrary code on the server.

Recommendation

For handlebars 4.1.x upgrade to 4.1.2 or later. For handlebars 4.0.x upgrade to 4.0.14 or later.

Affected versions: ["1.0.6", "1.0.6-2", "1.0.7", "1.0.8", "1.0.9", "1.0.10", "1.0.11", "1.0.12", "1.1.0", "1.1.1", "1.1.2", "1.2.0", "1.2.1", "1.3.0", "2.0.0-alpha.1", "2.0.0-alpha.2", "2.0.0-alpha.3", "2.0.0-alpha.4", "2.0.0-beta.1", "2.0.0", "3.0.0", "3.0.1", "3.0.2", "3.0.3", "1.0.2-beta", "1.0.4-beta", "1.0.5-beta", "3.0.4", "3.0.5", "3.0.6", "4.0.0", "4.0.1", "4.0.2", "4.0.3", "4.0.4", "4.0.5", "4.0.6", "4.0.7", "4.0.8", "4.0.9", "4.0.10", "4.0.11", "4.0.12", "4.0.13", "4.1.0", "4.1.1", "4.1.2-0"]
Secure versions: [4.7.7, 4.7.8]
Recommendation: Update to version 4.7.8.

Prototype Pollution in handlebars

Published date: 2019-12-26T17:58:13Z
CVE: CVE-2019-19919
Links:

Versions of handlebars prior to 3.0.8 or 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Objects' __proto__ and __defineGetter__ properties, which may allow an attacker to execute arbitrary code through crafted payloads.

Recommendation

Upgrade to version 3.0.8, 4.3.0 or later.

Affected versions: ["1.0.6", "1.0.6-2", "1.0.7", "1.0.8", "1.0.9", "1.0.10", "1.0.11", "1.0.12", "1.1.0", "1.1.1", "1.1.2", "1.2.0", "1.2.1", "1.3.0", "2.0.0-alpha.1", "2.0.0-alpha.2", "2.0.0-alpha.3", "2.0.0-alpha.4", "2.0.0-beta.1", "2.0.0", "3.0.0", "3.0.1", "3.0.2", "3.0.3", "1.0.2-beta", "1.0.4-beta", "1.0.5-beta", "3.0.4", "3.0.5", "3.0.6", "3.0.7", "4.0.0", "4.0.1", "4.0.2", "4.0.3", "4.0.4", "4.0.5", "4.0.6", "4.0.7", "4.0.8", "4.0.9", "4.0.10", "4.0.11", "4.0.12", "4.1.0", "4.0.13", "4.1.1", "4.1.2", "4.0.14", "4.1.2-0", "4.2.0", "4.2.1", "4.2.2"]
Secure versions: [4.7.7, 4.7.8]
Recommendation: Update to version 4.7.8.

Denial of Service

Published date: 2020-04-27
CVSS Score: 6.5
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Links:

Crash Node.js process from handlebars using a small and simple source

Affected versions: ["1.0.6", "1.0.6-2", "1.0.7", "1.0.8", "1.0.9", "1.0.10", "1.0.11", "1.0.12", "1.1.0", "1.1.1", "1.1.2", "1.2.0", "1.2.1", "1.3.0", "2.0.0-alpha.1", "2.0.0-alpha.2", "2.0.0-alpha.3", "2.0.0-alpha.4", "2.0.0-beta.1", "2.0.0", "3.0.0", "3.0.1", "3.0.2", "3.0.3", "4.0.0", "4.0.1", "4.0.2", "4.0.3", "4.0.4", "4.0.5", "4.0.6", "4.0.7", "4.0.8", "4.0.9", "4.0.10", "4.0.11", "1.0.2-beta", "1.0.4-beta", "1.0.5-beta", "4.0.12", "3.0.4", "3.0.5", "3.0.6", "4.1.0", "4.0.13", "4.1.1", "4.1.2", "4.0.14", "3.0.7", "4.1.2-0", "4.2.0", "4.2.1", "4.3.0", "4.3.1", "4.3.2", "4.3.3", "4.3.4", "4.4.0", "4.4.1", "4.3.5", "4.2.2", "4.4.2", "4.4.3", "4.4.4", "4.4.5", "4.5.0", "4.5.1", "4.5.2", "4.5.3", "3.0.8"]
Secure versions: [4.7.7, 4.7.8]
Recommendation: Update handlebars module to version >=4.6.0

Quoteless Attributes in Templates can lead to Content Injection

Published date: 2015-12-14
CVEs: ["CVE-2015-8861"]
CVSS Score: 5.3
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Coordinating vendor: ^Lift Security
Links:

Not using quotes around your attributes in handlebar templates, could lead to content injection.

Example

Template: <a href={{foo}}/>

Input: { 'foo' : 'test.com onload=alert(1)'}

Rendered result: <a href=test.com onload=alert(1)/>

Affected versions: ["1.0.6", "1.0.6-2", "1.0.7", "1.0.8", "1.0.9", "1.0.10", "1.0.11", "1.0.12", "1.1.0", "1.1.1", "1.1.2", "1.2.0", "1.2.1", "1.3.0", "2.0.0-alpha.1", "2.0.0-alpha.2", "2.0.0-alpha.3", "2.0.0-alpha.4", "2.0.0-beta.1", "2.0.0", "3.0.0", "3.0.1", "3.0.2", "3.0.3", "1.0.2-beta", "1.0.4-beta", "1.0.5-beta", "3.0.4", "3.0.5", "3.0.6", "3.0.7", "3.0.8"]
Secure versions: [4.7.7, 4.7.8]
Recommendation: If you are unable to upgrade to version 4.0.0 or greater you can add quotes to your attributes in your handlebar templates.

80 Other Versions

Version License Security Released
4.7.8 MIT 2023-08-01 - 21:19 9 months
4.7.7 MIT 2021-02-15 - 09:39 about 3 years
4.7.6 MIT 2 2020-04-03 - 17:59 about 4 years
4.7.5 MIT 2 2020-04-02 - 19:10 about 4 years
4.7.4 MIT 2 2020-04-01 - 17:21 about 4 years
4.7.3 MIT 2 2020-02-05 - 05:11 about 4 years
4.7.2 MIT 2 2020-01-13 - 20:53 over 4 years
4.7.1 MIT 2 2020-01-12 - 12:21 over 4 years
4.7.0 MIT 2 2020-01-10 - 16:24 over 4 years
4.6.0 MIT 2 2020-01-08 - 22:45 over 4 years
4.5.3 MIT 3 2019-11-18 - 07:11 over 4 years
4.5.2 MIT 6 2019-11-13 - 21:08 over 4 years
4.5.1 MIT 7 2019-10-29 - 04:42 over 4 years
4.5.0 MIT 7 2019-10-28 - 18:48 over 4 years
4.4.5 MIT 7 2019-10-20 - 21:08 over 4 years
4.4.4 MIT 9 2019-10-20 - 19:35 over 4 years
4.4.3 MIT 9 2019-10-08 - 20:06 over 4 years
4.4.2 MIT 9 2019-10-02 - 20:47 over 4 years
4.4.1 MIT 9 2019-10-02 - 19:53 over 4 years
4.4.0 MIT 9 2019-09-29 - 13:30 over 4 years
4.3.5 MIT 9 2019-10-02 - 20:06 over 4 years
4.3.4 MIT 9 2019-09-28 - 11:37 over 4 years
4.3.3 MIT 9 2019-09-27 - 05:47 over 4 years
4.3.2 MIT 9 2019-09-26 - 21:59 over 4 years
4.3.1 MIT 9 2019-09-24 - 22:35 over 4 years
4.3.0 MIT 9 2019-09-24 - 06:11 over 4 years
4.2.2 MIT 10 2019-10-02 - 20:13 over 4 years
4.2.1 MIT 10 2019-09-20 - 17:41 over 4 years
4.2.0 MIT 10 2019-09-03 - 19:58 over 4 years
4.1.2 MIT 10 2019-04-13 - 14:20 about 5 years
4.1.2-0 MIT 11 2019-08-25 - 16:07 over 4 years
4.1.1 MIT 11 2019-03-16 - 21:29 about 5 years
4.1.0 MIT 11 2019-02-07 - 09:48 about 5 years
4.0.14 MIT 11 2019-04-13 - 14:39 about 5 years
4.0.13 MIT 12 2019-02-07 - 10:28 about 5 years
4.0.12 MIT 12 2018-09-04 - 18:46 over 5 years
4.0.11 MIT 12 2017-10-17 - 20:53 over 6 years
4.0.10 MIT 12 2017-05-21 - 12:11 almost 7 years
4.0.9 MIT 12 2017-05-21 - 11:40 almost 7 years
4.0.8 MIT 12 2017-05-02 - 20:56 almost 7 years
4.0.7 MIT 12 2017-04-29 - 20:54 almost 7 years
4.0.6 MIT 12 2016-11-13 - 01:27 over 7 years
4.0.5 MIT 12 2015-11-20 - 05:07 over 8 years
4.0.4 MIT 12 2015-10-29 - 06:57 over 8 years
4.0.3 MIT 12 2015-09-24 - 03:41 over 8 years
4.0.2 MIT 12 2015-09-04 - 14:13 over 8 years
4.0.1 MIT 12 2015-09-03 - 02:21 over 8 years
4.0.0 MIT 12 2015-09-01 - 13:19 over 8 years
3.0.8 MIT 7 2020-02-23 - 10:02 about 4 years
3.0.7 MIT 12 2019-06-30 - 08:54 almost 5 years
3.0.6 MIT 13 2019-01-02 - 09:19 over 5 years
3.0.5 MIT 13 2018-12-15 - 13:16 over 5 years
3.0.4 MIT 13 2018-12-15 - 12:55 over 5 years
3.0.3 MIT 13 2015-04-28 - 19:52 almost 9 years
3.0.2 MIT 13 2015-04-20 - 08:11 about 9 years
3.0.1 MIT 13 2015-03-24 - 19:22 about 9 years
3.0.0 MIT 13 2015-02-10 - 06:19 about 9 years
2.0.0 MIT 13 2014-09-02 - 02:28 over 9 years
2.0.0-beta.1 MIT 13 2014-08-26 - 23:56 over 9 years
2.0.0-alpha.4 MIT 13 2014-05-20 - 04:15 almost 10 years
2.0.0-alpha.3 MIT 13 2014-05-20 - 03:29 almost 10 years
2.0.0-alpha.2 MIT 13 2014-03-06 - 07:29 about 10 years
2.0.0-alpha.1 MIT 13 2014-02-10 - 08:13 about 10 years
1.3.0 MIT 13 2014-01-02 - 04:10 over 10 years
1.2.1 MIT 13 2013-12-26 - 22:29 over 10 years
1.2.0 MIT 13 2013-12-24 - 03:40 over 10 years
1.1.2 BSD 13 2013-11-06 - 00:10 over 10 years
1.1.1 BSD 13 2013-11-04 - 16:51 over 10 years
1.1.0 BSD 13 2013-11-04 - 03:26 over 10 years
1.0.12 MIT 13 2013-05-31 - 18:17 almost 11 years
1.0.11 MIT 13 2013-05-14 - 04:09 almost 11 years
1.0.10 MIT 13 2013-02-27 - 13:52 about 11 years
1.0.9 MIT 13 2013-02-16 - 01:42 about 11 years
1.0.8 MIT 13 2013-01-19 - 08:16 over 11 years
1.0.7 MIT 13 2012-09-18 - 00:27 over 11 years
1.0.6 MIT 13 2012-07-23 - 20:40 almost 12 years
1.0.6-2 MIT 13 2012-07-31 - 16:51 over 11 years
1.0.5-beta MIT 13 2012-02-09 - 17:06 about 12 years
1.0.4-beta MIT 13 2012-01-17 - 20:31 over 12 years
1.0.2-beta MIT 13 2011-08-22 - 07:43 over 12 years