akamai / terraform-provider-akamai

Terraform Akamai provider
https://www.terraform.io/docs/providers/akamai/
Mozilla Public License 2.0

DXE-4198 Create new release with Go >= 1.22.7 #578

Open muffl0n opened 2 months ago

muffl0n commented 2 months ago

Grype is finding these CVEs because of an outdated Go version being used:

NAME    INSTALLED  FIXED-IN  TYPE       VULNERABILITY   SEVERITY 
stdlib  go1.21.12            go-module  CVE-2024-34158  High      
stdlib  go1.21.12            go-module  CVE-2024-34156  High      
stdlib  go1.21.12            go-module  CVE-2024-34155  Unknown

Could you please release a new provider version with an updated Go version?

Thank you!

ckulinsk commented 2 months ago

Hello @muffl0n

Thank you for raising this topic. We will schedule this update and come back to you when it is ready.

Best regards, Cyryl

lkowalsk-akamai-com commented 2 months ago

Hi @muffl0n, with the recent release there is a new version of the Terraform provider that has an updated 1.21 version that fixes the mentioned vulnerabilities.

muffl0n commented 1 month ago

Hi @lkowalsk-akamai-com, is there a planned date for the new release?

muffl0n commented 4 days ago

Release 6.5.0 still contains these vulnerabilities. Could you please release a new version? Thanks!

-> % grype .terraform/providers/registry.opentofu.org/akamai/akamai/6.5.0/darwin_arm64/terraform-provider-akamai_v6.5.0

 ✔ Indexed file system                                               /Users/svs/IdeaProjects/gitlab.com/ndrde/code/tagesschau/akamai/property-manager/images.tagesschau.de/.terraform/providers/registry.opentofu.org/akamai/akamai/6.5.0/darwin_arm64
 ✔ Cataloged contents                                                                                                                                                                 208e81568e690eb5ffb6897a72b9447601d65b19d5045860c0320c64736dfaeb
   ├── ✔ Packages                        [66 packages]  
   ├── ✔ File digests                    [1 files]  
   ├── ✔ File metadata                   [1 locations]  
   └── ✔ Executables                     [1 executables]  
 ✔ Scanned for vulnerabilities     [3 vulnerability matches]  
   ├── by severity: 0 critical, 2 high, 1 medium, 0 low, 0 negligible
   └── by status:   3 fixed, 0 not-fixed, 0 ignored 
NAME    INSTALLED  FIXED-IN        TYPE       VULNERABILITY   SEVERITY 
stdlib  go1.21.12  1.22.7, 1.23.1  go-module  CVE-2024-34158  High      
stdlib  go1.21.12  1.22.7, 1.23.1  go-module  CVE-2024-34156  High      
stdlib  go1.21.12  1.22.7, 1.23.1  go-module  CVE-2024-34155  Medium

lkowalsk-akamai-com commented 3 days ago

Thank you for bringing that back up. We are already working on an update to use 1.22.x. This work will be included in one of the coming releases. I will reopen this ticket for tracking purposes.
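
An added example, not part of the thread and not code from the provider or from Grype: a Go program that reads the toolchain version embedded in a built binary with `debug/buildinfo` and checks it against the FIXED-IN versions shown in the scan output above. The function names and the rule applied to release lines outside the listed ones are assumptions of this example.

```go
package main

import (
	"debug/buildinfo"
	"fmt"
	"log"
	"os"
	"strings"
)

// First patched release per release line, from the thread's FIXED-IN column (ascending).
var fixedIn = []string{"1.22.7", "1.23.1"}

// parse turns "go1.21.12" or "1.22.7" into its minor and patch numbers.
func parse(v string) (minor, patch int, err error) {
	n, _ := fmt.Sscanf(strings.TrimPrefix(v, "go"), "1.%d.%d", &minor, &patch)
	if n == 0 {
		err = fmt.Errorf("unrecognized Go version %q", v)
	}
	return
}

// vulnerable reports whether a toolchain version lacks the listed fixes.
func vulnerable(goVersion string) (bool, error) {
	minor, patch, err := parse(goVersion)
	if err != nil {
		return false, err
	}
	for _, f := range fixedIn {
		if fMinor, fPatch, _ := parse(f); fMinor == minor {
			return patch < fPatch, nil // same release line: compare patch level
		}
	}
	// Assumption: older lines never got the fix; newer lines shipped with it.
	newest, _, _ := parse(fixedIn[len(fixedIn)-1])
	return minor < newest, nil
}

func main() {
	for _, path := range os.Args[1:] { // paths to Go binaries, e.g. a provider plugin
		info, err := buildinfo.ReadFile(path) // reads the embedded toolchain version
		if err != nil {
			log.Fatal(err)
		}
		bad, err := vulnerable(info.GoVersion)
		fmt.Println(path, info.GoVersion, "vulnerable:", bad, err)
	}
}
```

Under the listed FIXED-IN values, no 1.21.x patch level clears the findings; only a rebuild on 1.22.7, 1.23.1 or later does.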