Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade Go to version 1.22.7 to address CVE-2024-34156. #2151

Closed
Nishant-Kumar07 opened this issue Sep 16, 2024 · 3 comments
Closed

Upgrade Go to version 1.22.7 to address CVE-2024-34156. #2151

Nishant-Kumar07 opened this issue Sep 16, 2024 · 3 comments
Labels
bug v4

Comments

@Nishant-Kumar07
Copy link

Nishant-Kumar07 commented Sep 16, 2024
edited
Loading

[CVE] detected.

Version of yq: 4.44.3
Version of go: 1.22.5

HIGH CVE:
[CVE-2024-34156]

Scanning tool: Trivy
@Nishant-Kumar07 Nishant-Kumar07 changed the title Bump go to version to 1.22.7 to address CVE-2024-34156 Upgrade Go to version 1.22.7 to address CVE-2024-34156. Sep 16, 2024
@woodgear
Copy link

woodgear commented Nov 4, 2024

seems be fixed in master?

@woodgear
Copy link

woodgear commented Nov 4, 2024

@mikefarah what time to next release?

@RoyalOughtness RoyalOughtness mentioned this issue Nov 11, 2024
Closed
@mikefarah
Copy link
Owner

Fixed in 4.44.5

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug v4
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@mikefarah @woodgear @Nishant-Kumar07