Request for incremental release of 0.10.x to address GO Security Vulnerabilities #830
Labels
area/misc
Impacts miscellaneous areas of the code not otherwise owned by another area.
📊 kind/community-report
This was reported by a user in the Cilium/Hubble community, eg via Slack.
Comments
kaworu
added
area/misc
|
Hubble v0.11 with updated dependencies has been released. For future reference, please share the exact CVEs are are concerned with. Not every Golang CVE affects every Go program, as far as I am aware, Hubble v0.10 is not vulnerable to any recent high-risk Golang CVE. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Current Hubble 0.10.0 contains 16 GO related CVEs. Updating Hubble to use 1.18.9 will address these CVEs that have occurred since the June 2022 release of 0.10.0. I am requesting an incremental release of 0.10.x with this issue submission. Has there been any thought to aligning Hubble incremental release cadence with that of Cilium cadence (1.12.5 came out last week and updated to 1.18.9 GO) ?
The text was updated successfully, but these errors were encountered: