From 2a28d2d0830032f498a2348d0c9c42b9d6e245b7 Mon Sep 17 00:00:00 2001
From: Sebastian Hildebrandt <hildebrandt@plus-innovations.com>
Date: Sun, 15 Feb 2026 09:08:35 +0100
Subject: [PATCH] versions() fix Command Injection issue (linux), added
 smartmontools support (macOS)

---
 CHANGELOG.md       |  2 +-
 docs/history.html  |  2 +-
 docs/index.html    |  2 +-
 docs/security.html | 15 +++++++++++++++
 4 files changed, 18 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index b4474f8..1479424 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -91,7 +91,7 @@ For major (breaking) changes - **version 4, 3 and 2** - see end of page.
 
 | Version | Date       | Comment                                                                                             |
 | ------- | ---------- | --------------------------------------------------------------------------------------------------- |
-| 5.31.0  | 2026-02-15 | `diskLayout()` added smartmontools support (macOS)                                                  |
+| 5.31.0  | 2026-02-15 | `diskLayout()` added smartmontools support (macOS), `versions()` command injection issue (linux)    |
 | 5.30.8  | 2026-02-14 | `wifiNetworks()` fixed CWE-78 command injection issue (linux)                                       |
 | 5.30.7  | 2026-01-31 | `networkInterfaces()` fixed getWindowsIEEE8021x issue (windows)                                     |
 | 5.30.6  | 2026-01-22 | `graphics()` improved nvidia-smi detection (windows)                                                |
diff --git a/docs/history.html b/docs/history.html
index a7d6d18..7033c43 100644
--- a/docs/history.html
+++ b/docs/history.html
@@ -61,7 +61,7 @@
                       <th scope="row">5.31.0
                       </th>
                       <td>2026-02-15</td>
-                      <td><span class="code">diskLayout()</span> added smartmontools support (macOS)</td>
+                      <td><span class="code">diskLayout()</span> added smartmontools support (macOS), <span class="code">versions()</span> fix command injection</td>
                     </tr>
                     <tr>
                       <th scope="row">5.30.8
diff --git a/docs/index.html b/docs/index.html
index 1c8bef0..b6a2052 100644
--- a/docs/index.html
+++ b/docs/index.html
@@ -166,7 +166,7 @@
 <body>
   <header class="bg-image-full">
     <div class="top-container">
-      <a href="security.html" class="recommendation">Security advisory:<br>Update to v5.30.8</a>
+      <a href="security.html" class="recommendation">Security advisory:<br>Update to v5.31.0</a>
       <img class="logo" src="assets/logo.png" alt="logo">
       <div class="title">systeminformation</div>
       <div class="subtitle"><span id="typed"></span>&nbsp;</div>
diff --git a/docs/security.html b/docs/security.html
index 30e7a22..6cbdb25 100644
--- a/docs/security.html
+++ b/docs/security.html
@@ -44,6 +44,21 @@
             <div class="col-12 sectionheader">
               <div class="title">Security Advisories</div>
               <div class="text">
+                <h2>versions() Command Injection Vulnerability</h2>
+                <p><span class="bold">Affected versions:</span>
+                  &lt; 5.31.0<br>
+                  <span class="bold">Date:</span> 2026-02-15<br>
+                  <span class="bold">CVE indentifier</span> ...
+                </p>
+
+                <h4>Impact</h4>
+                <p>We had an issue that there was a possibility to perform a potential command injection possibility by craft the malicious file path for postgres that is then used in <span class="code">versions()</span> on linux machines.</p>
+
+                <h4>Patch</h4>
+                <p>Problem was fixed with parameter checking and execFile. If you are using version 5, please upgrade to version >= 5.31.0.</p>
+                <hr>
+                <br>
+
                 <h2>wifiNetworks Command Injection Vulnerability</h2>
                 <p><span class="bold">Affected versions:</span>
                   &lt; 5.30.8<br>