Upgrade golang.org/x/crypto to v0.17.0 to fix vulnerability issue by nicumaxian · Pull Request #2562 · labstack/echo
Merged: aldas merged 1 commit into labstack:master, Dec 19, 2023
Vulnerability found on 12/18/2023 regarding golang.org/x/crypto for versions v0.16.0 and below.
https://nvd.nist.gov/vuln/detail/CVE-2023-48795 | https://pkg.go.dev/vuln/GO-2023-2402
This MR upgrades the dependency to v0.17.0 to avoid the vulnerability issue.
aldas commented Dec 19, 2023

affected packages: golang.org/x/crypto/ssh as per https://pkg.go.dev/vuln/GO-2023-2402. This should not be a problem for HTTP(s) related stuff, but I will tag a patch release today.
aldas merged commit 287a82c into labstack:master
aldas commented Dec 20, 2023

patch version v4.11.4 is released. Maybe this helps people with "loud" security scanners.
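
Added example, not part of the pull request or the echo code base: a minimal Go triage check for the distinction drawn in the comments above, between a module-level finding (go.mod requires golang.org/x/crypto below v0.17.0) and a direct import of the affected package golang.org/x/crypto/ssh. The sample go.mod and source text are constructed, and the function names are hypothetical.

```go
package main

import (
	"fmt"
	"go/parser"
	"go/token"
	"regexp"
	"strconv"
	"strings"
)

// Constructed sample inputs, not taken from the echo repository.
const sampleGoMod = "module example.com/app\n\nrequire golang.org/x/crypto v0.16.0\n"
const sampleSrc = "package app\n\nimport \"golang.org/x/crypto/acme/autocert\"\n"

// reqRe matches a require entry for the module itself (not a subpackage path).
var reqRe = regexp.MustCompile(`(?m)^\s*(?:require\s+)?golang\.org/x/crypto\s+v(\d+)\.(\d+)\.(\d+)`)

// belowFixed reports whether go.mod requires golang.org/x/crypto below v0.17.0.
func belowFixed(gomod string) bool {
	m := reqRe.FindStringSubmatch(gomod)
	if m == nil {
		return false // module not required at all
	}
	for i, want := range []int{0, 17, 0} {
		if n, _ := strconv.Atoi(m[i+1]); n != want {
			return n < want
		}
	}
	return false // exactly v0.17.0
}

// importsSSH reports whether src directly imports golang.org/x/crypto/ssh or a subpackage.
func importsSSH(src string) (bool, error) {
	f, err := parser.ParseFile(token.NewFileSet(), "sample.go", src, parser.ImportsOnly)
	if err != nil {
		return false, err
	}
	for _, imp := range f.Imports {
		p := strings.Trim(imp.Path.Value, `"`)
		if p == "golang.org/x/crypto/ssh" || strings.HasPrefix(p, "golang.org/x/crypto/ssh/") {
			return true, nil
		}
	}
	return false, nil
}

func main() {
	used, err := importsSSH(sampleSrc)
	fmt.Println("below v0.17.0:", belowFixed(sampleGoMod), "imports ssh:", used, "err:", err)
}
```

A direct-import check like this does not see transitive imports; govulncheck performs the full reachability analysis.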