Upgrade Golang version to 1.22.2 due to CVE-2023-45288

oliver006 / redis_exporter

Prometheus Exporter for ValKey & Redis Metrics. Supports ValKey and Redis 2.x, 3.x, 4.x, 5.x, 6.x, and 7.x

https://github.com/oliver006/redis_exporter

MIT License

3.03k stars 858 forks source link

Upgrade Golang version to 1.22.2 due to CVE-2023-45288 #914

Closed ewoelfel closed 3 weeks ago

ewoelfel commented 3 weeks ago

Describe the problem The redis-exporter in version 1.60.0 uses a go lang version of 1.20.0. This seems to cause a CVE.

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames

What version of redis_exporter are you running? 1.60.0

It would be great to increase the go version to 1.22.2 where this problem seems to be fixed.

Thank you

oliver006 commented 3 weeks ago

INFO[0000] Redis Metrics Exporter v1.60.0    build date: 2024-05-31-06:17:53    sha1: de84178ae0d629f347ede1615195740e10fd42b5    Go: go1.22.3    GOOS: darwin    GOARCH: amd64