Closed mitchellmaler closed 8 months ago
Good day all, Figured I would comment here instead of opening a new issue. We are also using the 2.11.0 release and our scan tools (Anchore and Twistlock) have found multiple CVEs in regards to the golang version being used 1.20.5 (all of which will be resolved with 1.20.10)
CVE-2023-29406 CVE-2023-29409 CVE-2023-39318 CVE-2023-39319 CVE-2023-39323 CVE-2023-39325
Please let me k now if you have any questions.
This has been fixed in v2.12.0
/close
@jsafrane: Closing this issue.
Hello, our security tooling is showing the latest version has CVE-2023-44487. This requires upgrading Golang to a later patch version to pull in the latest net package.