Update go-discover for recent AWS security patch. #6862
Assignees
Labels
pr/dependencies
PR specifically updates dependencies of project
type/enhancement
Proposed improvement or new feature
Milestone
Comments
banks
added
security
pr/dependencies
banks
added
type/enhancement
|
Hey there, This issue has been automatically locked because it is closed and there hasn't been any activity for at least 30 days. If you are still experiencing problems, or still have questions, feel free to open a new one 👍. |
ghost
locked and limited conversation to collaborators
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
See hashicorp/go-discover#128
Once that's merged, we should pull it in and update vendor etc. As noted in that PR, I've already tested Consul's AWS integrations (auto join and CA) with that AWS SDK version.
Edit: note there is no vulnerability in the existing version here so no panic to upgrade but it's already tested so no reason not to and allow auto-join users additional protection from IMDS v2. For more details see: https://aws.amazon.com/blogs/security/defense-in-depth-open-firewalls-reverse-proxies-ssrf-vulnerabilities-ec2-instance-metadata-service/
The text was updated successfully, but these errors were encountered: