Please upgrade Go runtime (>= 1.20.7) to fix security vulnerabilities
jhauglid opened this issue · comments
The currently used version of the Go runtime (1.20.5) have several high severity security vulnerabilities that can be detected by scanners such as the Google Artifact Registry scanner.
Here's a list of issues:
https://nvd.nist.gov/vuln/detail/CVE-2023-39533
https://nvd.nist.gov/vuln/detail/CVE-2023-29409
https://nvd.nist.gov/vuln/detail/CVE-2023-29406
All of these have been fixed in 1.20.7
Please consider upgrading.
Thanks @jhauglid for suggestion!
We will upgrade the go runtime to the latest one (1.21.0).
This will be included in our Sept 2023 release.
This has been merged into the master branch and will be released on Sept 25, 2023.
@jhauglid ping.
This has been released in GCSFuse release version 1.2.0 .