k8snetworkplumbingwg / ovs-cni

Open vSwitch CNI plugin
Apache License 2.0
224 stars 71 forks

Support for go uplift to 1.22.7 version and have fix for CVE-2024-24790 #331

Closed smoshiur1237 closed 1 week ago

smoshiur1237 commented 2 weeks ago

We have a vulnerability report related to CVE-2024-24790, and it has a critical score. This can be fixed by uplifting Go to 1.22.7. We would appreciate it if you would support the uplift and add the Go uplift in your next official release.

smoshiur1237 commented 2 weeks ago

/cc @AlonaKaplan @phoracek

phoracek commented 1 week ago

Hi @smoshiur1237, thanks for reporting this. I have posted https://github.com/k8snetworkplumbingwg/ovs-cni/pull/332 to bump the version to the latest 1.22.9.

smoshiur1237 commented 1 week ago

Thanks @phoracek, I have left a comment and request to update the docker file in the hack folder to change the Go version to 1.22.7.

smoshiur1237 commented 1 week ago

@phoracek thanks for merging the uplift. May I know when you are going to have a release to add this change? Would it be in a patch release or in a minor release?

phoracek commented 1 week ago

@smoshiur1237 I will issue a minor release in a second. Minor because the main branch has a new feature in it: https://github.com/k8snetworkplumbingwg/ovs-cni/pull/322

phoracek commented 1 week ago

https://github.com/k8snetworkplumbingwg/ovs-cni/releases/tag/v0.35.0 the container images should be published soon too.

I will close this issue now. @smoshiur1237 thanks for reporting it. Please feel free to reopen in case you see this CVE is not resolved in the new build.