Open dhiaayachi opened 2 weeks ago
Hi,
Thanks for reporting this security vulnerability. We are aware of the vulnerability reported in go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc and are actively working on upgrading to a fixed version.
We will release a new Temporal version with the fix as soon as possible. You can follow our releases and updates on our GitHub releases page.
In the meantime, we suggest you consider upgrading to the latest version of the go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc package.
Hi,
Thanks for reporting this. We're aware of the vulnerability you're referencing and we are actively working to address it in an upcoming release.
For now, you can upgrade the go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc dependency in your project to version 0.46.0 or later. Please refer to the Temporal documentation for details on upgrading Temporal.
We'll let you know when the next Temporal release with the fix is available.
Hi,
Thank you for reporting this security vulnerability.
We are aware of the issue reported in go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc and are working on upgrading the package to the latest version in an upcoming Temporal release. In the meantime, you can consider upgrading the go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc package in your application to version 0.46.0 or later.
We will keep you updated on the release schedule.
Hi there,
Thank you for reporting this vulnerability. We are aware of the security vulnerability reported in go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc. The Temporal team is actively working on upgrading the package to version 0.46.0. We will release a new version of Temporal as soon as possible. In the meantime, you can consider pinning the go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc package to version 0.46.0 in your project.
We will update our documentation with the release date and version number once the new version is available.
We appreciate your patience and understanding.
Thank you for reporting this security vulnerability. We are aware of the issue and are working on a fix. We will update the Temporal documentation with the new release information once it's available. In the meantime, we recommend upgrading your Temporal installation to a version that includes the fix.
Hi,
There is a security vulnerability identified and reported in the Go package go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc (as mentioned here). This vulnerability is fixed in version 0.46.0. We observed that the latest Temporal version, i.e. 1.22.4, still uses an affected version of the package, i.e. 0.42.0. Do you have an estimate of when the next release with the fix for the reported vulnerability will be available?
Thanks.
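
A check for the condition this issue describes, as an added example (not code from the Temporal or OpenTelemetry projects): it reads go.mod text and reports whether the otelgrpc requirement is below the 0.46.0 fix version named above. The function names and the sample go.mod are constructed for illustration, and replace directives are not evaluated.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// Module path and first fixed version, both as stated in the issue.
const otelgrpcPath = "go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc"
var fixed = [3]int{0, 46, 0}

// requiredVersion finds the otelgrpc require line (single-line or in a block), ignoring comments.
func requiredVersion(gomod string) (string, bool) {
	sc := bufio.NewScanner(strings.NewReader(gomod))
	for sc.Scan() {
		line, _, _ := strings.Cut(sc.Text(), "//")
		f := strings.Fields(line)
		if len(f) > 0 && f[0] == "require" {
			f = f[1:]
		}
		if len(f) == 2 && f[0] == otelgrpcPath {
			return f[1], true
		}
	}
	return "", false
}

// isAffected reports whether go.mod requires otelgrpc below 0.46.0 (pre-release suffixes ignored).
func isAffected(gomod string) (bool, error) {
	v, ok := requiredVersion(gomod)
	if !ok {
		return false, nil // module is not required at all
	}
	var got [3]int
	if _, err := fmt.Sscanf(v, "v%d.%d.%d", &got[0], &got[1], &got[2]); err != nil {
		return false, fmt.Errorf("unparsable version %q: %w", v, err)
	}
	for i := range got {
		if got[i] != fixed[i] {
			return got[i] < fixed[i], nil
		}
	}
	return false, nil
}

func main() {
	sample := "require (\n\t" + otelgrpcPath + " v0.42.0 // indirect\n)\n" // constructed go.mod
	fmt.Println(isAffected(sample))
}
```

The go.mod file only records the minimum required version; `go list -m all` shows the version the build actually selects.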