CVE-2024-24790 CRITICAL vulnerability in /home/ont/ontology binary

[hasakura12]

Is your feature request related to a problem? Please describe.

Trivy image scan shows

home/ont/ontology (gobinary)
============================
Total: 1 (CRITICAL: 1)
┌─────────┬────────────────┬──────────┬────────┬───────────────────┬─────────────────┬────────────────────────────────────────────────────────────┐
│ Library │ Vulnerability  │ Severity │ Status │ Installed Version │  Fixed Version  │                           Title                            │
├─────────┼────────────────┼──────────┼────────┼───────────────────┼─────────────────┼────────────────────────────────────────────────────────────┤
│ stdlib  │ CVE-2024-24790 │ CRITICAL │ fixed  │ 1.18.10           │ 1.21.11, 1.22.4 │ golang: net/netip: Unexpected behavior from Is methods for │
│         │                │          │        │                   │                 │ IPv4-mapped IPv6 addresses                                 │
│         │                │          │        │                   │                 │ https://avd.aquasec.com/nvd/cve-2024-24790                 │
└─────────┴────────────────┴──────────┴────────┴───────────────────┴─────────────────┴────────────────────────────────────────────────────────────┘

Describe the solution you would like

• patch the offending package by upgrading it

Describe alternatives you have considered

• tried to build it from the source but didn't work

  #9 [4/5] RUN make all
  #9 0.281 make: *** No rule to make target 'all'.  Stop.
  #9 ERROR: process "/bin/sh -c make all" did not complete successfully: exit code: 2
  ------
  > [4/5] RUN make all:
  0.281 make: *** No rule to make target 'all'.  Stop.

[laizy]

fixed in #1444

[hasakura12]

fixed in #1444

@laizy great. When will a new version of the binary be expected to be released?

[hasakura12]

@laizy please let me know

[laizy]

@hasakura12 https://github.com/ontio/ontology/releases/tag/v2.5.8-go1.22.5