jimmidyson / configmap-reload

Simple binary to trigger a reload when a Kubernetes ConfigMap is updated
Apache License 2.0

Two relevant CVEs in go1.17.8 #75

Closed danielhoherd closed 2 years ago

danielhoherd commented 2 years ago

From what I can tell, the latest version of configmap-reload, v0.7.1, was built with golang 1.17.8:

```
root@3669499cdcd0:/# strings /configmap-reload | grep '^go1'
go1.17.8
```

1.17.8 is vulnerable to CVE-2022-28327 and CVE-2022-24675, which were both fixed in 1.17.9.
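
The same check done from Go's build metadata instead of `strings`, as an added example that is not part of the original issue or of the project's code: `debug/buildinfo` reads the toolchain version recorded in the binary, and the hypothetical helpers `parseGoVersion` and `checkToolchain` compare it with the fixed release 1.17.9 named above. Patch numbers are compared only within one release line; other release lines and non-release builds are reported for manual lookup rather than passed.

```go
package main

import (
	"debug/buildinfo"
	"fmt"
	"os"
	"strconv"
	"strings"
)

// parseGoVersion turns "go1.17.8" into [1 17 8]; devel and rc strings are errors.
func parseGoVersion(v string) (out [3]int, err error) {
	parts := strings.Split(strings.TrimPrefix(v, "go"), ".")
	if !strings.HasPrefix(v, "go") || len(parts) < 2 || len(parts) > 3 {
		return out, fmt.Errorf("unrecognised toolchain version %q", v)
	}
	for i, p := range parts {
		if out[i], err = strconv.Atoi(p); err != nil || out[i] < 0 {
			return out, fmt.Errorf("unrecognised toolchain version %q", v)
		}
	}
	return out, nil
}

// checkToolchain compares numerically, so go1.17.13 sorts after go1.17.9.
func checkToolchain(built, fixed string) string {
	b, errB := parseGoVersion(built)
	f, errF := parseGoVersion(fixed)
	switch {
	case errB != nil || errF != nil:
		return "unknown" // not a plain release version: review by hand
	case b[0] != f[0] || b[1] != f[1]:
		return "other-line" // look up that release line's own fixed patch
	case b[2] < f[2]:
		return "vulnerable"
	}
	return "patched"
}

func main() {
	for _, path := range os.Args[1:] { // assumption: binaries to inspect are the arguments
		if info, err := buildinfo.ReadFile(path); err != nil {
			fmt.Fprintln(os.Stderr, path, err)
		} else {
			fmt.Println(path, info.GoVersion, checkToolchain(info.GoVersion, "go1.17.9"))
		}
	}
}
```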

jimmidyson commented 2 years ago

Done :tada: release v0.8.0 is built with go 1.19.