geoand
commented
4 years ago Thanks for reporting!
Would you like to send a PR updating the version?
Closed Nick-Anderssohn closed 4 years ago
geoand
commented
4 years ago Thanks for reporting!
Would you like to send a PR updating the version?
Nick-Anderssohn
commented
4 years ago @geoand Sorry for the delay, PR #77 bumps the version.
svenstaro
commented
4 years ago Well, can't this issue be closed?
I noticed issue #48 talks about upgrading to jaeger 0.35.1. I think that issue should have been closed actually since this now uses jaeger 0.35.1. Unfortunately, a couple other high severity CVEs have been discovered in the version of lib-thrift that is used by jaeger 0.35.1. Jaeger 1.1.0 uses a newer version of lib-thrift that doesn't have those CVEs, so hopefully we can upgrade. These are the CVEs I am referring to: