chore: update golang.org/x/crypto (CVE-2021-43565)

jcmturner / gokrb5

Pure Go Kerberos library for clients and services

Apache License 2.0

723 stars 245 forks source link

chore: update golang.org/x/crypto (CVE-2021-43565) #459

Closed dnwe closed 2 years ago

dnwe commented 2 years ago

Whilst the particular CVE doesn't effect gokrb5 at all (it is in x/crypto/ssh) it has a high CVSS scoring and can hence cause false positives in applications making use of gokrb5 that pull in the older version unless they use replace directives.

jcmturner commented 2 years ago

Sorry for taking so long to look into this. Thanks for your contribution.

dnwe commented 2 years ago

@jcmturner will you be planning an 8.4.3 release in the near future?