Vulnerability with Golang Libraries Require Updates #49

Closed
2 tasks done
estein9825 opened this issue Mar 28, 2023 · 2 comments

estein9825 commented Mar 28, 2023

The relay agent golang library contains the following vulnerabilities:

github.com/prometheus/client_golang fixed in version 1.12.2

https://bugzilla.redhat.com/show_bug.cgi?id=2067400

golang.org/x/text fixed in version 0.3.8

https://www.cvedetails.com/cve/CVE-2021-38561/

These libraries need to be updated.

  • I've described the bug, included steps to reproduce it, and included my environment setup with all customizations.
  • I'm using the latest version of the project.
estein9825 added the bug and new labels Mar 28, 2023
estein9825 changed the title from "Vulnerability with Golang Libraries Required Updates" to "Vulnerability with Golang Libraries Require Updates" Mar 28, 2023
akshay196 added the triage/accepted label and removed the new label Mar 28, 2023
akshay196 self-assigned this Mar 28, 2023
@akshay196
Member

Configuring GitHub dependabot for security updates: #50

akshay196 commented Apr 1, 2023

> github.com/prometheus/client_golang fixed in version 1.12.2
>
> https://bugzilla.redhat.com/show_bug.cgi?id=2067400

prometheus/client_golang is fixed in version v1.11.1 (1.12.2 is the Fedora package version).

> golang.org/x/text fixed in version 0.3.8
>
> https://www.cvedetails.com/cve/CVE-2021-38561/

Fixed in #47

Configured GH dependabot to get security alerts.

Closing this issue.
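
As an added example (not part of the thread or the project's own code), a stdlib-only Go check that flags `go.mod` requirements below the fixed versions named above, using the upstream module versions from the maintainer's reply (v1.11.1 for client_golang, v0.3.8 for x/text). The sample `go.mod`, its module path, and the function names are constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Fixed versions as stated in the thread (upstream module versions).
var fixedIn = map[string]string{
	"github.com/prometheus/client_golang": "v1.11.1",
	"golang.org/x/text":                   "v0.3.8",
}

// Constructed sample go.mod; the module path is a placeholder.
const sampleGoMod = `module example.com/agent
require (
	github.com/prometheus/client_golang v1.11.0
	golang.org/x/text v0.3.7 // indirect
)
require golang.org/x/sys v0.5.0
`

// rank maps "v1.11.1" to 1011001 (assumes each component < 1000). Suffixes are
// ignored, so a pseudo-version "v0.0.0-<date>-<hash>" ranks 0 and gets flagged.
func rank(v string) int {
	var major, minor, patch int
	fmt.Sscanf(v, "v%d.%d.%d", &major, &minor, &patch)
	return major*1_000_000 + minor*1_000 + patch
}

// Outdated reports each tracked module that go.mod lists below its fixed
// version. It reads "<path> <version>" pairs and does not tell require
// blocks from exclude blocks.
func Outdated(gomod string) (hits []string) {
	for _, line := range strings.Split(gomod, "\n") {
		line, _, _ = strings.Cut(line, "//") // drop "// indirect" comments
		f := strings.Fields(line)
		if len(f) == 3 && f[0] == "require" {
			f = f[1:] // single-line form: require <path> <version>
		}
		if len(f) == 2 && fixedIn[f[0]] != "" && rank(f[1]) < rank(fixedIn[f[0]]) {
			hits = append(hits, f[0]+" "+f[1]+" < "+fixedIn[f[0]])
		}
	}
	return hits
}

func main() {
	fmt.Println(strings.Join(Outdated(sampleGoMod), "\n"))
}
```

The check compares against `go.mod` only; `go list -m all` shows the versions the build actually selects.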
