Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix for CVE-2021-3121 #7

Merged
merged 2 commits into from
Apr 23, 2022
Merged

Fix for CVE-2021-3121 #7

merged 2 commits into from
Apr 23, 2022

Conversation

satadrubiswas
Copy link
Contributor

CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3121 is fixed in package gogo/protobuf more than year back. This pull request is to ensure that this repo is using the latest version of gogo/protobuf

johanbrandhorst
johanbrandhorst requested changes Mar 12, 2022
View reviewed changes
Copy link
Member

@johanbrandhorst johanbrandhorst left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Don't we actually need to regenerate the files as well, not just update the dependency?

go.mod Outdated
github.com/golang/protobuf v1.2.0
golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6 // indirect
github.com/gogo/protobuf v1.3.2
github.com/golang/protobuf v1.5.2
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think we can introduce this version, it breaks compatibility with <v1.3.x. Can you revert this version change?

@nabbar
Copy link

nabbar commented Apr 20, 2022

any news about this update ?
@johanbrandhorst could you make the update of code if necessary ?

@johanbrandhorst johanbrandhorst merged commit 3055a5d into gogo:master Apr 23, 2022
@sahilvv
Copy link

sahilvv commented Jun 15, 2022

@johanbrandhorst can a new release be cut to be able to consume this change?

@johanbrandhorst
Copy link
Member

Thanks for the reminder, I just cut v1.1.1.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@johanbrandhorst johanbrandhorst johanbrandhorst approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@satadrubiswas @nabbar @sahilvv @johanbrandhorst