search

youmark / pkcs8

Go package implementing functions to parse and convert private keys in PKCS#8 format, as defined in RFC5208 and RFC5958
MIT License
97 stars 45 forks source link

CVE-2017-3204, CVE-2019-11840 - Update depenency for golang.org/c/crypto to fix. #35

Open AxxlFoley opened 5 months ago

AxxlFoley commented 5 months ago

Hi,

can we get a bump of golang.org/x/crypto to the latest version 0.22 ? We currently face these security vulnerbilities in our security scans.

CVE-2017-3204 CVE-2019-11840

AxxlFoley commented 5 months ago

Created a PR https://github.com/youmark/pkcs8/pull/36 to adress this .. @youmark Can you have a look ?

michel-laterman commented 4 months ago

Hi @AxxlFoley, if you're interested we have forked and updated this repo to address this issue: https://github.com/elastic/pkcs8