cloudfoundry / bpm-release

isolated bosh jobs
Apache License 2.0

Consume current golang-version #154

Closed joergdw closed 2 years ago

joergdw commented 2 years ago

The current release is not up-to-date. However, the golang-versions prior to 1.18.2 and 1.17.10 have CWE 284. Could you publish the next release soon to fix this, please?

beyhan commented 2 years ago

@jpalermo do you know when we will have a new release?

jpalermo commented 2 years ago

We don't cut them on a schedule, and try not to cut them too frequently, as an update to bpm means every VM has to be updated, which frustrates users with large deployments. I don't think this CVE actually impacts bpm, but I went ahead and cut 1.1.18 because that's much easier than proving it's not impacted 😀

beyhan commented 2 years ago

Thank you @jpalermo!