Vulnerability on nokogiri GHSA-7rrm-v45f-jp64

treasure-data / omnibus-td-agent

td-agent (Fluentd) Packaging Scripts

https://docs.treasuredata.com/articles/td-agent-changelog

Apache License 2.0

82 stars 131 forks source link

Vulnerability on nokogiri GHSA-7rrm-v45f-jp64 #285

Closed narwariyaazad closed 3 years ago

narwariyaazad commented 3 years ago

we are using nokogiri-1.11.1 version and this vulnerability is removed in >=1.11.4 version this nokogiri package is coming from td-agent-gem list and i have also checked it in latest available version of td-agent(4.1.1) but it is not resolved in this also. Could you please provide detail of it . CVE ID:- GHSA-7rrm-v45f-jp64 Thanks in advance.

ashie commented 3 years ago

We are preparing a new release: https://github.com/fluent-plugins-nursery/td-agent-builder/pull/319

BTW please report issues for td-agent 4 or later to https://github.com/fluent-plugins-nursery/td-agent-builder/issues instead of here.

ashie commented 3 years ago

https://github.com/fluent-plugins-nursery/td-agent-builder/issues/324