The gogo protobuf module in the version that is being used by telegraf (1.3.1) has a CVE:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3121
The vulnerability has been fixed in version 1.3.2. Please consider bumping the version of this dependency. Thanks!
Thanks for opening this issue, I'll look into upgrading the dependency!
Thanks @helenosheaa!
@helenosheaa, the go.sum file contains references to the older protobuf versions.
Does this mean that Telegraf depends on components that require/use the older/vulnerable versions?
If this is correct, then would these Telegraf dependencies need to be updated as well?
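The go.sum question above can be checked mechanically. This is an added example, not code from the Telegraf project or from anyone in this thread: it parses go.sum lines (`module version[/go.mod] hash`) and separates versions older than the fixed release that appear only as a `/go.mod` hash from those whose source tree was hashed as well. The go.sum excerpt is constructed with placeholder hashes, and `Classify` and `older` are hypothetical helper names.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// Constructed go.sum excerpt; the hashes are placeholders, not real checksums.
const sampleGoSum = `github.com/gogo/protobuf v1.2.1/go.mod h1:PLACEHOLDER=
github.com/gogo/protobuf v1.3.1 h1:PLACEHOLDER=
github.com/gogo/protobuf v1.3.1/go.mod h1:PLACEHOLDER=
github.com/gogo/protobuf v1.3.2 h1:PLACEHOLDER=
`

// older reports whether vX.Y.Z version a sorts before b; trailing suffixes are ignored.
func older(a, b string) bool {
	var x, y [3]int
	fmt.Sscanf(a, "v%d.%d.%d", &x[0], &x[1], &x[2])
	fmt.Sscanf(b, "v%d.%d.%d", &y[0], &y[1], &y[2])
	for k := range x {
		if x[k] != y[k] {
			return x[k] < y[k]
		}
	}
	return false
}

// Classify maps versions of module older than fixed to "source" (tree hashed) or "go.mod only".
func Classify(goSum, module, fixed string) map[string]string {
	out := map[string]string{}
	sc := bufio.NewScanner(strings.NewReader(goSum))
	for sc.Scan() {
		f := strings.Fields(sc.Text())
		if len(f) != 3 || f[0] != module || !older(strings.TrimSuffix(f[1], "/go.mod"), fixed) {
			continue
		}
		ver := strings.TrimSuffix(f[1], "/go.mod")
		if ver == f[1] {
			out[ver] = "source"
		} else if out[ver] == "" {
			out[ver] = "go.mod only"
		}
	}
	return out
}

func main() {
	fmt.Println(Classify(sampleGoSum, "github.com/gogo/protobuf", "v1.3.2"))
}
```

A `go.mod only` entry means just that version's go.mod file was checksummed, which happens when another dependency's requirement is read during version selection; `go list -m all` shows the version the build actually selects.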
Opened #10581