Security leak in _.template, please update

[jgonggrijp]

We were notified of a security issue in _.template, which appears to have existed since Underscore version 1.3.2. The bug was fixed in version 1.12.1 and 1.13.0-2, which I just published. If using NPM, please upgrade to underscore@latest or underscore@preview.

[willdurand]

@jgonggrijp where is the 1.12.1 tag?

[jgonggrijp]

@willdurand I intentionally postponed pushing that in order to give people who want to exploit the leak less to go on. I'll let you know when I push it.

[willdurand]

thanks

[jgonggrijp]

@willdurand The tag is online now.