cucumber / godog

Cucumber for golang
MIT License

When will the next release be? #381

Closed andrster closed 3 years ago

andrster commented 3 years ago

Sorry for asking, it's just there is a security issue in 0.11 related to nextcloud.

lonnblad commented 3 years ago

Hi @andrster, no need to be sorry. Can you help me with more information around the security issue?

BR Fredrik

andrster commented 3 years ago

https://nextcloud.com/security/advisory/?id=NC-SA-2021-005. This should provide more info. But Nextcloud Server prior to 20.0.6 is vulnerable to reflected cross-site scripting (XSS) due to lack of sanitization in OC.Notification.show.

lonnblad commented 3 years ago

Hi @andrster, maybe I'm missing something, but I'm not familiar with Nextcloud and I don't understand how a security issue with Nextcloud Server has anything to do with godog.

A question on our Slack community was raised about a security issue with "cobra", are those related?

sergiught commented 3 years ago

Hey @lonnblad, not sure about the nextcloud security issue but there is another one detected by whitesource:

Whitesource has detected the usage of a vulnerable library github.com/cucumber/gherkin-go/v11-358b64f0b76efbd07590532f6f02f4667d28f9f9

lonnblad commented 3 years ago

> Hey @lonnblad, not sure about the nextcloud security issue but there is another one detected by whitesource:
>
> Whitesource has detected the usage of a vulnerable library github.com/cucumber/gherkin-go/v11-358b64f0b76efbd07590532f6f02f4667d28f9f9

Hi @sergiughf, thanks!! Do you know if that is solved in a later version of gherkin-go?

sergiught commented 3 years ago

I honestly don't know :) as I'm not able to run whitesource manually on demand, it's automated and the check reruns only after a PR merge.

lonnblad commented 3 years ago

ok, I will check with the gherkin-go maintainers :)

sergiught commented 3 years ago

Thank you @lonnblad! Much appreciated :)

lonnblad commented 3 years ago

@sergiughf I created a new issue #382 for the whitesource gherkin-go issue.

mpkorstanje commented 3 years ago

Closed by https://github.com/cucumber/godog/issues/382#issuecomment-799235959