Today, like the last meeting a mere fortnight ago, we had no new issues to triage. (We almost had one but just before the meeting, the reporter figured out it wasn't a bug.) So instead let's talk about the release of WiX v3.11.2.
You might notice that the recording above has lots of Rob but is lacking the wit and wisdom of Sean and me. Due to unknown technical difficulties, our audio didn't show up in the recording. Still, I encourage you to watch the recording, if only to hear Rob appear to talk to himself.
Versions of WiX prior to version 3.11.2 contain a vulnerability in the DTF code that handles decompression from .zip and .cab files. If your application references Microsoft.Deployment.Compression.Cab.dll or Microsoft.Deployment.Compression.Zip.dll to decompress arbitrary cabinet or zip files to disk, you should upgrade to avoid the vulnerability.
You can download WiX v3.11.2 here.
The fix is also available in the latest development release of WiX v3.14.