Pinned vulnerable version of crypto library #2078
Assignees
Labels
type: bug
Error or flaw in code with unintended results or allowing sub-optimal usage patterns.
Comments
aebrahim
added
the
type: bug
|
Version bump has been merged for the crypto dep. This will go out in our next release which will be early/middle of January as we are currently in a holiday release freeze. |
|
@jackwotherspoon thank you for the prompt fix and clear response. I just wanted to let you know that your attention to detail for these open source proxy repositories is a big part of why our team remains confident in using Google Cloud SQL. |
|
@aebrahim Thanks for the kind words. Always our pleasure to help maintain and contribute to Cloud SQL and its users 😄 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Bug Description
This pins
golang.org/x/crypto v0.16.0which is vulnerable to GHSA-45x7-px36-x8w8 / CVE-2023-48795Please merge #2077 to upgrade the dependency.
Example code (or command)
No response
Stacktrace
No response
Steps to reproduce?
Environment
focalon a Google Cloud Workstation)cloud-sql-proxy version 2.8.1+containerAdditional Details
No response
The text was updated successfully, but these errors were encountered: