Just in case the problem passed you by, Rene "cavac" Schickbauer has a post discussing a Zlib CVE, and the implications for cpan modules:
I have done a casual grep through my local CPAN mirror (yay for local mirrors!), which has given me a list of potentially vulnerable modules. There are over 90 of them. Yes, there are probably a few false negatives and a few false positive, as i didn't have time to go over each distribution in detail.
Please…
Despite rt.cpan.org still displaying the sunset message, it is in fact not going away forever on the 1st of March, but will have an 'extended downtime' while it is moved elsewhere. In future it'd be nice if communications of such things, and even allowing others to have a say on the matter, could be handled better.
See also:
Let me preface this short post with this, I don't have the solution to this problem. Perhaps there is someone in the wider Perl space who is well placed to pick this up, but there seems to be little going on in terms of community engagement.
In the first week of 2021 I noticed a link to this sunset message for rt.cpan behind displayed on the rt.cpan homepage. Firstly I believe the notification on the page could be highlighted better, grey on grey, on a page with lots of grey isn't exactly eye catching.
At the tim…
Throwing this one out to the wider community, if anyone can assist in adding https support to strawberryperl.com that'd be great, with browsers and corporate firewalls moving towards a stricter mode of operation. An existing issue is here, with some history for those interested. Thanks in advance.