-
Notifications
You must be signed in to change notification settings - Fork 9.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Address CVE-2024-24790 #18127
Labels
area/security
good first issue
help wanted
priority/critical-urgent
Highest priority. Must be actively worked on as someone's top priority right now.
type/feature
Comments
jmhbnz
added
area/security
priority/critical-urgent
Highest priority. Must be actively worked on as someone's top priority right now.
help wanted
good first issue
labels
Jun 5, 2024
/assign @ArkaSaha30 |
Go Vulnerability Checker started detecting : https://github.com/etcd-io/etcd/actions/runs/9379426032/job/25824345786#step:6:15 |
@ArkaSaha30 maybe add an entry to update the changelog :) So we won't forget! |
This was referenced Jun 5, 2024
Please also update go version for https://github.com/etcd-io/gofail |
All done. Thanks @ArkaSaha30 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
area/security
good first issue
help wanted
priority/critical-urgent
Highest priority. Must be actively worked on as someone's top priority right now.
type/feature
What would you like to be added?
CVE-2024-24790/ GO-2024-2887 was recently published. We need to bump affected go versions:
Go version bump
Why is this needed?
To keep the Go version up to date and avoid CVEs. The mentioned bumped Go versions includes security fixes to the archive/zip and net/netip packages, as well as bug fixes to the compiler, the go command, the runtime, and the os package.
Ref: golang/go#67680
The text was updated successfully, but these errors were encountered: