dhiaayachi / temporal

Temporal service
https://docs.temporal.io
MIT License

CVE-2024-24790 #25

Open dhiaayachi opened 2 weeks ago

dhiaayachi commented 2 weeks ago

The latest temporalio/admin-tools, temporalio/server and temporalio/ui images are using a version of Go that is impacted by CVE-2024-24790.

Updating Go to 1.21.11 or newer would fix the issue.
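One way to verify the fix once the images are rebuilt is to read the Go toolchain version embedded in each binary and compare it against the 1.21.11 floor named above. The script below is an added example for this issue, not code from the Temporal project; the `go version -m` lines it parses are constructed samples, and running `go version -m` against a real binary requires a Go toolchain on the host (any `go` binary can read another binary's build info).

```python
import re
import shutil
import subprocess

# Minimum Go release the issue names as fixing CVE-2024-24790.
MIN_GO = (1, 21, 11)

# Matches the toolchain tag in both `go version` output ("go version go1.21.10 linux/amd64")
# and `go version -m <binary>` output ("server: go1.21.10"). Pre-release tags such as
# go1.22rc1 parse with patch 0, which is what we want for a "< 1.22.0" comparison.
_GO_VERSION_RE = re.compile(r"\bgo(\d+)\.(\d+)(?:\.(\d+))?")


def parse_go_version(text):
    """Return (major, minor, patch) from go-version style text, or None if no tag is present."""
    m = _GO_VERSION_RE.search(text)
    if not m:
        return None
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def is_patched(text, minimum=MIN_GO):
    """True if the toolchain tag in `text` is at or above `minimum`, False if below,
    None if the text carries no recognisable Go version (e.g. a stripped or non-Go binary)."""
    version = parse_go_version(text)
    if version is None:
        return None
    return version >= minimum


def check_binary(path, minimum=MIN_GO):
    """Run `go version -m` on a binary on the host and classify it.
    Returns (version_tuple_or_None, patched_or_None); requires a `go` toolchain in PATH."""
    go = shutil.which("go")
    if go is None:
        raise RuntimeError("no `go` toolchain in PATH; cannot read build info")
    result = subprocess.run([go, "version", "-m", path], capture_output=True, text=True)
    return parse_go_version(result.stdout), is_patched(result.stdout, minimum)


# Constructed sample output, in the shape `go version -m` prints: the first line is
# "<binary>: <toolchain>", followed by tab-indented build-info lines.
SAMPLE_BUILD_INFO = {
    "sample-server (constructed)": "sample-server: go1.21.10\n\tbuild\t-buildmode=exe\n",
    "sample-admin-tool (constructed)": "sample-admin-tool: go1.21.11\n\tbuild\t-buildmode=exe\n",
    "sample-ui (constructed)": "sample-ui: go1.22.4\n\tbuild\t-buildmode=exe\n",
    "sample-not-go (constructed)": "sample-not-go: not a Go executable\n",
}


def classify_samples(samples=SAMPLE_BUILD_INFO, minimum=MIN_GO):
    """Map each sample name to 'patched', 'VULNERABLE' or 'unknown'."""
    labels = {}
    for name, output in samples.items():
        status = is_patched(output, minimum)
        labels[name] = "unknown" if status is None else ("patched" if status else "VULNERABLE")
    return labels


if __name__ == "__main__":
    for name, label in classify_samples().items():
        print(f"{label:10s} {name}")
```

`check_binary` is the piece you would point at the binaries extracted from the admin-tools, server and ui images; `classify_samples` shows the same decision logic on the embedded samples so the script runs without a toolchain or images present.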

dhiaayachi commented 19 hours ago

Thanks for reporting this!

We are aware of this issue and have published documentation regarding Worker Versioning, an experimental feature that helps mitigate risks when upgrading Temporal Applications.

Worker Versioning aims to improve the upgrade process for Temporal applications by introducing a system of version sets. This allows for a more controlled rollout of new code versions, ensuring compatibility between Workers and Workflows.

It's important to note that the current version of the Temporal Server is affected by the vulnerability you mentioned. The recommended fix is to update Go to 1.21.11 or newer.

We're committed to providing secure and reliable solutions, and we appreciate you bringing this to our attention.