Closed larsteuber closed 1 week ago
Hello, none of these CVEs appear to be in an exploitable context within Supercronic.
In the future, if you would like a Go version bump to reduce the number of erroneous vulnerabilities, would you mind just opening a PR directly? E.g.: https://github.com/aptible/supercronic/pull/169/files
I would be able to approve such a change immediately, but if I have to open the PR myself I have to involve another team member for review.
After updating to version v0.2.31, we encountered two new medium-severity findings and one high-severity finding:
Upgrading to Go 1.23.1 should resolve these vulnerabilities. Could you please provide a new release with these fixes?