-
Notifications
You must be signed in to change notification settings - Fork 409
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Please upgrade Go runtime (>= 1.19.7) to fix security vulnerabilities #1026
Comments
Thanks, @jhauglid, for the information. The issue has been fixed. Please feel free to reopen if any problem occurs. |
Has the binary in I just installed/upgraded it and it still shows
|
Oh, Sorry, my bad, It will come in up coming release. |
Thanks, do you have a rough timeline? days, weeks? |
We usually do a release at month's end. So the next release is expected on April end. |
Is it possible to do an extra release for this security issue? |
Sorry, it will be done at month end only. |
Please refer new release - https://github.com/GoogleCloudPlatform/gcsfuse/releases/tag/v0.42.4 |
The currently used version of the Go runtime (1.19.5) have several high severity security vulnerabilities that can be detected by scanners such as the Google Artifact Registry scanner.
Here's a list of issues:
https://security-tracker.debian.org/tracker/CVE-2022-41724
https://security-tracker.debian.org/tracker/CVE-2022-41725
https://security-tracker.debian.org/tracker/CVE-2023-24532
https://security-tracker.debian.org/tracker/CVE-2022-41723
All of these have been fixed in 1.19.7.
Please consider upgrading.
The text was updated successfully, but these errors were encountered: