Posted on 05/21/2020 10:08:13 AM PDT by dayglored
About the security content of Xcode 11.5
This document describes the security content of Xcode 11.5
About Apple security updates
For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page.
Apple security documents reference vulnerabilities by CVE-ID when possible.
For more information about security, see the Apple Product Security page.
Xcode 11.5
Released May 20, 2020
Git
Available for: macOS Catalina 10.15.2 and later
Impact: A crafted git URL that contains a newline in it may cause credential information to be provided for the wrong host
Description: This issue was addressed by forbidding a newline character in any value passed via the credential protocol.
CVE-2020-11008: Carlo Arenas
Apple *ping*
Xcode...
If it were any better Apple wouldn’t give it to you,
If it were any worse, you wouldn’t use it.
Now, now... Apple has been "giving away" operating system and software development software for decades.
In the case of Xcode, I presume it's what Apple uses internally anyway, so giving it away is an incentive for developers to work on Apple gear. They'd be insane to charge for it.
Microsoft gives away Visual Studio now too. I always liked it better than Xcode anyway.
Then again it may have been Objective-C that I really didn’t like.
Objective-C could make a rose smell like a turd.
I've never much cottoned to these newfangled languages. They make it so you can hardly do anything interesting or dangerous. It's like trying to do fine technical work with a pair of kindergarten scissors with the rounded points.
I learned to program in FORTRAN, picked up a handful of ASM for small computers, and some years later I fell in love with K&R C (ANSI C is okay). Every language after that has been a cascading flood of well-meaning but annoying crap.
Besides, a Real Programmer can write FORTRAN code in -any- language, right? :-)
Objective C was really strange. Most calls need to be preceded by a memory allocation.
I learned 8-10 hard core languages over the years plus a dozen scripting languages.
If you want to see a bullshit tool look at Mendix.
Python is probably the best thought out tool.
WPF was my biggest challenge. But makes a great UI.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.