Closed conor-naranjo closed 5 months ago
The patch wouldn't resolve the problem, but there is a PR already open: #2748
The patch that was applied here does fix the problem and has been released with v0.39.1. Because this patch is backported, scanning tools that only look at module versions may incorrectly report it as not fixed. #2748 will be followed by a v0.40.0 release that will allow scanning tools that only look at module versions to correctly report it as fixed.
I'd also like to take this time to remind everyone that reporting security concerns through public issues is not in alignment with our security policy or general best practices.
Describe the question: A DoS vulnerability was identified in the upstream OTEL Collector as documented here: https://github.com/open-telemetry/opentelemetry-collector/security/advisories/GHSA-c74f-6mfw-mm4v and https://opentelemetry.io/blog/2024/cve-2024-36129/
Is the AWS Distro affected by this issue, and if so, when can a patch downstream be expected?
Edit: I see the patches applied: https://github.com/aws-observability/aws-otel-collector/commit/d5ff2179e05626814d02ae704a9a6da72115c7d7 . When can they be expected in a release?
Steps to reproduce if your question is related to an action: N/A
What did you expect to see? N/A
Environment: N/A
Additional context: N/A