search

nats-io / nsc

Tool for creating nkey/jwt based configurations
Apache License 2.0
98 stars 44 forks source link

New nsc version inlcuding latest nkeys vuln patch #623

Closed rubur-webbeds closed 10 months ago

rubur-webbeds commented 10 months ago

What motivated this proposal?

Our scanner detects the vulnerability CVE-2023-46129 in the package github.com/nats-io/nkeys. From this PR https://github.com/nats-io/nsc/pull/622 we see the new version is there, but not released yet.

What is the proposed change?

Release a new nsc version including the patch. Thank you

Who benefits from this change?

No response

What alternatives have you evaluated?

No response

aricart commented 10 months ago

working on that.

aricart commented 10 months ago

I just released 2.8.3 - noticed that the 2.8.2 release was staged but not published. v2.8.3 should be happy with the CVE scans!.