We have been using the ejson utility in some of our projects and recently attempted to deploy one of our images with ejson and were stopped due to CVE's related to the golang version for the 1.2.1 release.
CVE
Severity
CVE-2018-16874
Medium
CVE-2018-16873
Medium
CVE-2017-15042
Medium
CVE-2019-11888
High
CVE-2018-6574
High
CVE-2018-16875
High
CVE-2019-17596
Medium
CVE-2017-15041
High
I was able to update the go modules and recompile with go version 1.14.3 and the scanning tool no longer flagged anything with ejson. Just wondering if there are any plans for a new release with a newer version of golang.
burke
commented
4 years ago
We have been using the ejson utility in some of our projects and recently attempted to deploy one of our images with ejson and were stopped due to CVE's related to the golang version for the 1.2.1 release.
I was able to update the go modules and recompile with go version 1.14.3 and the scanning tool no longer flagged anything with ejson. Just wondering if there are any plans for a new release with a newer version of golang.