CVE-2023-45142 affects the go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.35.1 indirect dependency #160
Comments
This repository does not use otelhttp, but I think it is still a good idea to bump the version.
/assign @dgrisonnet
Hi, any plans on updating the otelhttp package?
This repo is not directly affected by that vulnerability, so we don't have any timeline for fixing it. @manikantanallagatla would you perhaps be interested in sending a PR to bump the k8s versions and the otel dep?
Open a PR #162 to fix it
/close It's in 1.29.0 already
@CatherineF-dev: Closing this issue. In response to this:
CVE link: https://nvd.nist.gov/vuln/detail/CVE-2023-45142
Is this repository using the go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp dependency actively? If so, can you give a time frame on resolving the CVE?