Closed cameronwaterman closed 1 year ago
Just to give an update on this, there a several new vulnerabilities like CVE-2022-41723 related to the /x/net
Golang package that would require a version bump to golang.org/x/net@0.7.0
.
Could some maintainer confirm whether kafka-exporter is affected and if there is a plan to update the affected dependencies and perform a new release for kafka-exporter
?
@FraPazGal thanks, I will update them soon
fixed by https://github.com/danielqsj/kafka_exporter/pull/373, golang has beem upgraded to 1.20.4
There are 3 vulnerable dependencies that fall under these CVEs. CVE-2022-27664, CVE-2022-32149