From 11d72a29eb922b67d94fdb70dfc00e08090c5bd9 Mon Sep 17 00:00:00 2001 From: Kyle Cutler Date: Tue, 7 Apr 2026 12:05:10 -0700 Subject: [PATCH 1/3] Fix path prefix checking in loose-file mode --- src/infoManagers/endpointManager.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/infoManagers/endpointManager.ts b/src/infoManagers/endpointManager.ts index b7e08d0d..76c4c99e 100644 --- a/src/infoManagers/endpointManager.ts +++ b/src/infoManagers/endpointManager.ts @@ -79,7 +79,7 @@ export class EndpointManager extends Disposable { private validPath(file: string): string | undefined { for (const item of this.validEndpointRoots.values()) { for (const fileVariations of [file, `/${file}`]) { // if it's a unix path, it will be prepended by a `/` - if (fileVariations.startsWith(item)) { + if (PathUtil.PathBeginsWith(fileVariations, item) || PathUtil.PathEquals(fileVariations, item)) { return fileVariations; } } From 7695bcdbdf943bc9a19e908762f90dee2ad619f8 Mon Sep 17 00:00:00 2001 From: Kyle Cutler Date: Mon, 11 May 2026 16:02:19 -0700 Subject: [PATCH 2/3] add CVE number --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2a7991b9..d216c3f5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## 0.4.19 (April 14, 2026) + +- Addresses [CVE-2026-41612](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41612) + ## 0.4.18 (March 30, 2026) - Reuse integrated browser tabs when `livePreview.useIntegratedBrowser` setting is enabled (requires VS Code >= 1.114.0). From f373edff0088f0bfc600d2955eb2b6d73746e3ef Mon Sep 17 00:00:00 2001 From: Kyle Cutler Date: Mon, 11 May 2026 16:05:10 -0700 Subject: [PATCH 3/3] date --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d216c3f5..de3c2fba 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,6 @@ # Changelog -## 0.4.19 (April 14, 2026) +## 0.4.19 (May 12, 2026) - Addresses [CVE-2026-41612](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41612)