Security Issue [Denial of Service]

[axago]

Remediation : Upgrade to version 4.4.5 or later.

[UziTech]

PR #267 should fix this

[audiBookning]

Is this project abandoned?
I ask this because the above simple PR has no answers for so much time.
I do appreciate the work done here, but i feel that i have to look somewhere else for a solution.

Nonetheless thanks for all the effort put in here that have no doubt benefited so many people.

[BillGR17]

I am running npm v6.13.4
I dont see any security issues with express-hadlebars
handlebars appears to be updating to latest by default

[audiBookning]

True. It would pass since package.json has in the dependencies: "handlebars": "^4.1.2".

I was talking about the lack of feedback on this and others issues, since some month ago.
I was asking: Is the package totally "in the wild"?

I was making a side comment, not wanting to create a whole new issue for that and also not seeking to overextend and sidetrack too much the goal of this one. Sorry it seem it was badly executed, since it was just a ping to the package devs or maintainers.

[BillGR17]

I get what you are saying now.
I don't know the answer to that question sorry.