Closed scotthew1 closed 1 year ago
Same here. We are getting go package vulnerability CVE-2021-36221 as well. Please upgrade ASAP
Is there a plan to have this upgrade done soon? I've had to remove grpcurl from my docker image due to a dozen or so vulnerabilities in go in versions prior to 1.18.1.
Just to be clear on the ask, you want the released binaries and images to be built with Go 1.18 so that the binaries have the CVEs addressed? You're not asking for a go.mod
minimum version bump.
Yes, I'm asking for the released binaries and images to be built on Go 1.18 to address the CVE.
On Wed, Jul 20, 2022 at 2:49 PM Scott Blum @.***> wrote:
Just to be clear on the ask, you want the released binaries and images to be built with Go 1.18 so that the binaries have the CVEs addressed? You're not asking for a go.mod minimum version bump.
— Reply to this email directly, view it on GitHub https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_fullstorydev_grpcurl_issues_300-23issuecomment-2D1190634522&d=DwMCaQ&c=Z4P52L0foFKAY1wcP-GmiQ&r=CfJc7E9Y5rcraXO6S6e5t3G1fc3xkM5N1A8qyKvsdys&m=f3yKN49C_yA9y0v120FZKvm0u0NWDTjM0JWE05jei4R_4ERMnf9IMpUD-bMQ6Upz&s=y2C0Dk-8XZzvmfXSUG1UyHJEK6cOq0KGluVlTw_ja7k&e=, or unsubscribe https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_notifications_unsubscribe-2Dauth_AY2BRLHW6PCL55DEH3YRQ6LVVBC4HANCNFSM5R4MFBKA&d=DwMCaQ&c=Z4P52L0foFKAY1wcP-GmiQ&r=CfJc7E9Y5rcraXO6S6e5t3G1fc3xkM5N1A8qyKvsdys&m=f3yKN49C_yA9y0v120FZKvm0u0NWDTjM0JWE05jei4R_4ERMnf9IMpUD-bMQ6Upz&s=4VxfRkKpTfIG5TLlVQ_54mC3UqltXDWxd0oumuZ4v1s&e= . You are receiving this because you commented.Message ID: @.***>
-- NOTICE: This email message is for the sole use of the addressee(s) named above and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution of this message or any attachments is expressly prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies and backups of the original message.
It looks like #250 has been open for awhile now, but 1.18 has a particularly enticing change for macOS users.
From the change log: