Bump kiali dependency to the latest possible version #137
Comments
|
One other vulnerability "CVE-2021-3495" is reported by vulnerability scanner. Kindly update the "github.com/kiali/kiali" version to 1.33.0 to fix this vulnerability |
|
Hello Team, Could you please help resolving this issue. It is impacting the projects that are using this tool , as the Vulnerability scanner are reporting these issues and it is blocking us from proceeding further. |
|
Dear Tetratelabs Team, This issue has been stale for some time now, could you be able to provide us with an estimate, when the change might happen and if it's possible to happen at all? Thank you for the support on this! azuterios |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Dear Tetratelabs Team,
Please up the kiali version in the go code. There is an existing dependency for version 1.43+, but it's being replaced with an older package here:
getmesh/go.mod
Line 101 in 6089ff1
Currently, getmesh version 1.1.5 vulnerability scan comes up with a CVE vulnerability, which is older than 1 year - CVE-2021-20278
https://nvd.nist.gov/vuln/detail/CVE-2021-20278
Please remove the replacement or replace it with a newer version and release it. Thank you!
azuterios
The text was updated successfully, but these errors were encountered: